diff --git a/plugins/figma/server/api/figma.test.ts b/plugins/figma/server/api/figma.test.ts index d0f19386c4..9dcfaf0d19 100644 --- a/plugins/figma/server/api/figma.test.ts +++ b/plugins/figma/server/api/figma.test.ts @@ -13,7 +13,7 @@ describe("#figma.callback", () => { const res = await server.get( `/api/figma.callback?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); const body = await res.json(); @@ -27,7 +27,7 @@ describe("#figma.callback", () => { const res = await server.get( `/api/figma.callback?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); @@ -36,7 +36,7 @@ describe("#figma.callback", () => { it("should fail when state is not valid JSON", async () => { const user = await buildUser(); const res = await server.get( - `/api/figma.callback?state=bad&code=123&token=${user.getJwtToken()}`, + `/api/figma.callback?state=bad&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); diff --git a/plugins/github/server/api/github.test.ts b/plugins/github/server/api/github.test.ts index b3bb4a387b..f1a07198ec 100644 --- a/plugins/github/server/api/github.test.ts +++ b/plugins/github/server/api/github.test.ts @@ -14,7 +14,7 @@ describe("#github.callback", () => { const res = await server.get( `/api/github.callback?state=${encodeURIComponent( state - )}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`, + )}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`, { redirect: "manual" } ); const body = await res.json(); @@ -28,7 +28,7 @@ describe("#github.callback", () => { const res = await server.get( `/api/github.callback?state=${encodeURIComponent( state - )}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`, + )}&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); @@ -37,7 +37,7 @@ describe("#github.callback", () => { it("should fail when state is not valid JSON", async () => { const user = await buildUser(); const res = await server.get( - `/api/github.callback?state=bad&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getJwtToken()}`, + `/api/github.callback?state=bad&code=123&setup_action=${SetupAction.install}&installation_id=1&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); diff --git a/plugins/gitlab/server/api/gitlab.test.ts b/plugins/gitlab/server/api/gitlab.test.ts index 3617f9cd99..b0d67bf08a 100644 --- a/plugins/gitlab/server/api/gitlab.test.ts +++ b/plugins/gitlab/server/api/gitlab.test.ts @@ -13,7 +13,7 @@ describe("#gitlab.callback", () => { const res = await server.get( `/api/gitlab.callback?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); const body = await res.json(); @@ -27,7 +27,7 @@ describe("#gitlab.callback", () => { const res = await server.get( `/api/gitlab.callback?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); @@ -36,7 +36,7 @@ describe("#gitlab.callback", () => { it("should fail when state is not valid JSON", async () => { const user = await buildUser(); const res = await server.get( - `/api/gitlab.callback?state=bad&code=123&token=${user.getJwtToken()}`, + `/api/gitlab.callback?state=bad&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); diff --git a/plugins/linear/server/api/linear.test.ts b/plugins/linear/server/api/linear.test.ts index 278bc27ede..e7cf805da7 100644 --- a/plugins/linear/server/api/linear.test.ts +++ b/plugins/linear/server/api/linear.test.ts @@ -13,7 +13,7 @@ describe("#linear.callback", () => { const res = await server.get( `/api/linear.callback?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); const body = await res.json(); @@ -27,7 +27,7 @@ describe("#linear.callback", () => { const res = await server.get( `/api/linear.callback?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); @@ -36,7 +36,7 @@ describe("#linear.callback", () => { it("should fail when state is not valid JSON", async () => { const user = await buildUser(); const res = await server.get( - `/api/linear.callback?state=bad&code=123&token=${user.getJwtToken()}`, + `/api/linear.callback?state=bad&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); diff --git a/plugins/notion/server/api/notion.test.ts b/plugins/notion/server/api/notion.test.ts index 4be9ae4e15..82f7106d27 100644 --- a/plugins/notion/server/api/notion.test.ts +++ b/plugins/notion/server/api/notion.test.ts @@ -13,7 +13,7 @@ describe("#notion.callback", () => { const res = await server.get( `/api/notion.callback?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); const body = await res.json(); @@ -27,7 +27,7 @@ describe("#notion.callback", () => { const res = await server.get( `/api/notion.callback?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); @@ -36,7 +36,7 @@ describe("#notion.callback", () => { it("should fail when state is not valid JSON", async () => { const user = await buildUser(); const res = await server.get( - `/api/notion.callback?state=bad&code=123&token=${user.getJwtToken()}`, + `/api/notion.callback?state=bad&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); diff --git a/plugins/slack/server/auth/slack.test.ts b/plugins/slack/server/auth/slack.test.ts index a95e7ada06..cdefe2c24c 100644 --- a/plugins/slack/server/auth/slack.test.ts +++ b/plugins/slack/server/auth/slack.test.ts @@ -11,7 +11,7 @@ describe("#slack.post", () => { const res = await server.get( `/auth/slack.post?state=${JSON.stringify( {} - )}&code=123&token=${user.getJwtToken()}` + )}&code=123&token=${user.getSessionToken()}` ); expect(res.status).toEqual(400); }); @@ -19,7 +19,7 @@ describe("#slack.post", () => { it("should fail with status 400 bad request if query param state is not JSON", async () => { const user = await buildUser(); const res = await server.get( - `/auth/slack.post?state=bad&code=123&token=${user.getJwtToken()}` + `/auth/slack.post?state=bad&code=123&token=${user.getSessionToken()}` ); expect(res.status).toEqual(400); }); @@ -43,7 +43,7 @@ describe("#slack.post", () => { const res = await server.get( `/auth/slack.post?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); const body = await res.json(); @@ -60,7 +60,7 @@ describe("#slack.post", () => { const res = await server.get( `/auth/slack.post?state=${encodeURIComponent( state - )}&code=123&token=${user.getJwtToken()}`, + )}&code=123&token=${user.getSessionToken()}`, { redirect: "manual" } ); expect(res.status).toEqual(400); diff --git a/plugins/storage/server/api/files.test.ts b/plugins/storage/server/api/files.test.ts index 670fbb437c..2d9946172c 100644 --- a/plugins/storage/server/api/files.test.ts +++ b/plugins/storage/server/api/files.test.ts @@ -25,9 +25,8 @@ vi.setConfig({ testTimeout: 10000 }); describe("#files.create", () => { it("should fail with status 400 bad request if key is invalid", async () => { const user = await buildUser(); - const res = await server.post("/api/files.create", { + const res = await server.post("/api/files.create", user, { body: { - token: user.getJwtToken(), key: "public/foo/bar/baz.png", }, }); @@ -52,7 +51,7 @@ describe("#files.create", () => { const form = new FormData(); form.append("key", attachment.key); form.append("file", content, fileName); - form.append("token", user.getJwtToken()); + form.append("token", user.getSessionToken()); const res = await server.post(`/api/files.create`, { headers: form.getHeaders(), @@ -89,7 +88,7 @@ describe("#files.create", () => { const form = new FormData(); form.append("key", attachment.key); form.append("file", content, fileName); - form.append("token", user.getJwtToken()); + form.append("token", user.getSessionToken()); const res = await server.post(`/api/files.create`, { headers: form.getHeaders(), @@ -118,7 +117,7 @@ describe("#files.create", () => { const form = new FormData(); form.append("key", attachment.key); form.append("file", content, fileName); - form.append("token", user.getJwtToken()); + form.append("token", user.getSessionToken()); const res = await server.post(`/api/files.create`, { headers: form.getHeaders(), @@ -150,7 +149,7 @@ describe("#files.create", () => { const form = new FormData(); form.append("key", attachment.key); form.append("file", content, fileName); - form.append("token", user.getJwtToken()); + form.append("token", user.getSessionToken()); const res = await server.post(`/api/files.create`, { headers: form.getHeaders(), @@ -181,7 +180,7 @@ describe("#files.create", () => { const form = new FormData(); form.append("key", attachment.key); form.append("file", content, fileName); - form.append("token", user.getJwtToken()); + form.append("token", user.getSessionToken()); const res = await server.post(`/api/files.create`, { headers: form.getHeaders(), @@ -262,7 +261,7 @@ describe("#files.get", () => { const form = new FormData(); form.append("key", attachment.key); form.append("file", content, fileName); - form.append("token", user.getJwtToken()); + form.append("token", user.getSessionToken()); await server.post(`/api/files.create`, { headers: form.getHeaders(), @@ -298,7 +297,7 @@ describe("#files.get", () => { const form = new FormData(); form.append("key", attachment.key); form.append("file", content, fileName); - form.append("token", user.getJwtToken()); + form.append("token", user.getSessionToken()); await server.post(`/api/files.create`, { headers: form.getHeaders(), @@ -432,7 +431,7 @@ describe("#files.get", () => { // Non-owner user should be able to access public-read attachment const res = await server.get(`/api/files.get?key=${key}`, { headers: { - Authorization: `Bearer ${otherUser.getJwtToken()}`, + Authorization: `Bearer ${otherUser.getSessionToken()}`, }, }); expect(res.status).toEqual(200); @@ -467,7 +466,7 @@ describe("#files.get", () => { // Non-owner user should NOT be able to access private attachment const res = await server.get(`/api/files.get?key=${key}`, { headers: { - Authorization: `Bearer ${otherUser.getJwtToken()}`, + Authorization: `Bearer ${otherUser.getSessionToken()}`, }, }); expect(res.status).toEqual(403); diff --git a/plugins/webhooks/server/api/webhookSubscriptions.test.ts b/plugins/webhooks/server/api/webhookSubscriptions.test.ts index 9c355e0bc4..1eaf1d28de 100644 --- a/plugins/webhooks/server/api/webhookSubscriptions.test.ts +++ b/plugins/webhooks/server/api/webhookSubscriptions.test.ts @@ -21,9 +21,7 @@ describe("#webhookSubscriptions.list", () => { it("should fail with status 403 forbidden for non-admin user", async () => { const user = await buildUser(); - const res = await server.post("/api/webhookSubscriptions.list", { - body: { token: user.getJwtToken() }, - }); + const res = await server.post("/api/webhookSubscriptions.list", user); const body = await res.json(); expect(res.status).toEqual(403); @@ -43,9 +41,7 @@ describe("#webhookSubscriptions.list", () => { ) ); - const res = await server.post("/api/webhookSubscriptions.list", { - body: { token: user.getJwtToken() }, - }); + const res = await server.post("/api/webhookSubscriptions.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -70,8 +66,8 @@ describe("#webhookSubscriptions.list", () => { name: "Development Hook", }); - const res = await server.post("/api/webhookSubscriptions.list", { - body: { token: user.getJwtToken(), query: "webhook" }, + const res = await server.post("/api/webhookSubscriptions.list", user, { + body: { query: "webhook" }, }); const body = await res.json(); @@ -97,8 +93,8 @@ describe("#webhookSubscriptions.list", () => { name: "Staging Webhook", }); - const res = await server.post("/api/webhookSubscriptions.list", { - body: { token: user.getJwtToken(), query: "PRODUCTION" }, + const res = await server.post("/api/webhookSubscriptions.list", user, { + body: { query: "PRODUCTION" }, }); const body = await res.json(); @@ -115,8 +111,8 @@ describe("#webhookSubscriptions.list", () => { name: "Production Webhook", }); - const res = await server.post("/api/webhookSubscriptions.list", { - body: { token: user.getJwtToken(), query: "nonexistent" }, + const res = await server.post("/api/webhookSubscriptions.list", user, { + body: { query: "nonexistent" }, }); const body = await res.json(); @@ -139,9 +135,7 @@ describe("#webhookSubscriptions.create", () => { it("should fail with status 403 forbidden for non-admin user", async () => { const user = await buildUser(); - const res = await server.post("/api/webhookSubscriptions.create", { - body: { token: user.getJwtToken() }, - }); + const res = await server.post("/api/webhookSubscriptions.create", user); const body = await res.json(); expect(res.status).toEqual(403); @@ -155,9 +149,8 @@ describe("#webhookSubscriptions.create", () => { const events = ["comments"]; const secret = "Test secret"; - const res = await server.post("/api/webhookSubscriptions.create", { + const res = await server.post("/api/webhookSubscriptions.create", user, { body: { - token: user.getJwtToken(), name, url, events, @@ -190,9 +183,7 @@ describe("#webhookSubscriptions.update", () => { it("should fail with status 403 forbidden for non-admin user", async () => { const user = await buildUser(); - const res = await server.post("/api/webhookSubscriptions.update", { - body: { token: user.getJwtToken() }, - }); + const res = await server.post("/api/webhookSubscriptions.update", user); const body = await res.json(); expect(res.status).toEqual(403); @@ -213,9 +204,8 @@ describe("#webhookSubscriptions.update", () => { teamId: user.teamId, }); - const res = await server.post("/api/webhookSubscriptions.update", { + const res = await server.post("/api/webhookSubscriptions.update", user, { body: { - token: user.getJwtToken(), id: existingWebhook.id, name, url, @@ -247,9 +237,8 @@ describe("#webhookSubscriptions.update", () => { enabled: false, }); - const res = await server.post("/api/webhookSubscriptions.update", { + const res = await server.post("/api/webhookSubscriptions.update", user, { body: { - token: user.getJwtToken(), id: disabledWebhook.id, name, url, @@ -281,9 +270,7 @@ describe("#webhookSubscriptions.delete", () => { it("should fail with status 403 forbidden for non-admin user", async () => { const user = await buildUser(); - const res = await server.post("/api/webhookSubscriptions.delete", { - body: { token: user.getJwtToken() }, - }); + const res = await server.post("/api/webhookSubscriptions.delete", user); const body = await res.json(); expect(res.status).toEqual(403); @@ -300,8 +287,8 @@ describe("#webhookSubscriptions.delete", () => { teamId: user.teamId, }); - const res = await server.post("/api/webhookSubscriptions.delete", { - body: { token: user.getJwtToken(), id: createdWebhook.id }, + const res = await server.post("/api/webhookSubscriptions.delete", user, { + body: { id: createdWebhook.id }, }); const body = await res.json(); diff --git a/server/middlewares/authentication.test.ts b/server/middlewares/authentication.test.ts index 661d553e2e..fc4608cdfe 100644 --- a/server/middlewares/authentication.test.ts +++ b/server/middlewares/authentication.test.ts @@ -21,7 +21,7 @@ describe("Authentication middleware", () => { { // @ts-expect-error mock request request: { - get: vi.fn(() => `Bearer ${user.getJwtToken()}`), + get: vi.fn(() => `Bearer ${user.getSessionToken()}`), }, state, cache: {}, @@ -41,7 +41,7 @@ describe("Authentication middleware", () => { { // @ts-expect-error mock request request: { - get: vi.fn(() => `Bearer ${user.getJwtToken()}error`), + get: vi.fn(() => `Bearer ${user.getSessionToken()}error`), }, state, cache: {}, @@ -65,7 +65,7 @@ describe("Authentication middleware", () => { { // @ts-expect-error mock request request: { - get: vi.fn(() => `Bearer ${user.getJwtToken()}`), + get: vi.fn(() => `Bearer ${user.getSessionToken()}`), }, state, cache: {}, @@ -295,7 +295,7 @@ describe("Authentication middleware", () => { // @ts-expect-error mock request get: vi.fn(() => null), query: { - token: user.getJwtToken(), + token: user.getSessionToken(), }, }, state, @@ -316,7 +316,7 @@ describe("Authentication middleware", () => { // @ts-expect-error mock request get: vi.fn(() => null), body: { - token: user.getJwtToken(), + token: user.getSessionToken(), }, }, state, @@ -342,7 +342,7 @@ describe("Authentication middleware", () => { { // @ts-expect-error mock request request: { - get: vi.fn(() => `Bearer ${user.getJwtToken()}`), + get: vi.fn(() => `Bearer ${user.getSessionToken()}`), }, state, cache: {}, @@ -372,7 +372,7 @@ describe("Authentication middleware", () => { { // @ts-expect-error mock request request: { - get: vi.fn(() => `Bearer ${user.getJwtToken()}`), + get: vi.fn(() => `Bearer ${user.getSessionToken()}`), }, state, cache: {}, diff --git a/server/models/User.test.ts b/server/models/User.test.ts index 48f7b0af32..ddb0b9a2bd 100644 --- a/server/models/User.test.ts +++ b/server/models/User.test.ts @@ -153,10 +153,10 @@ describe("user model", () => { }); }); - describe("getJwtToken", () => { + describe("getSessionToken", () => { it("should set JWT secret", async () => { const user = await buildUser(); - expect(user.getJwtToken()).toBeTruthy(); + expect(user.getSessionToken()).toBeTruthy(); }); }); diff --git a/server/models/User.ts b/server/models/User.ts index 1b60040a81..06ae43fd52 100644 --- a/server/models/User.ts +++ b/server/models/User.ts @@ -608,7 +608,7 @@ class User extends ParanoidModel< * @param service The authentication service used to generate the token, if applicable * @returns The session token */ - getJwtToken = (expiresAt?: Date, service?: string) => + getSessionToken = (expiresAt?: Date, service?: string) => JWT.sign( { id: this.id, diff --git a/server/routes/api/accessRequests/accessRequests.test.ts b/server/routes/api/accessRequests/accessRequests.test.ts index 62adf9a5f9..1173295911 100644 --- a/server/routes/api/accessRequests/accessRequests.test.ts +++ b/server/routes/api/accessRequests/accessRequests.test.ts @@ -15,11 +15,7 @@ const server = getTestServer(); describe("#accessRequests.create", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/accessRequests.create", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/accessRequests.create", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("documentId: Must be a valid UUID or slug"); @@ -37,9 +33,8 @@ describe("#accessRequests.create", () => { it("should return 404 for non-existent document", async () => { const user = await buildUser(); - const res = await server.post("/api/accessRequests.create", { + const res = await server.post("/api/accessRequests.create", user, { body: { - token: user.getJwtToken(), documentId: "a8f22c38-f4eb-4909-8c30-b927af36c5f3", }, }); @@ -63,9 +58,8 @@ describe("#accessRequests.create", () => { collectionId: collection.id, }); - const res = await server.post("/api/accessRequests.create", { + const res = await server.post("/api/accessRequests.create", requester, { body: { - token: requester.getJwtToken(), documentId: document.id, }, }); @@ -85,9 +79,8 @@ describe("#accessRequests.create", () => { createdById: owner.id, }); - const res = await server.post("/api/accessRequests.create", { + const res = await server.post("/api/accessRequests.create", requester, { body: { - token: requester.getJwtToken(), documentId: document.id, }, }); @@ -110,9 +103,8 @@ describe("#accessRequests.create", () => { collectionId: collection.id, }); - const res = await server.post("/api/accessRequests.create", { + const res = await server.post("/api/accessRequests.create", requester, { body: { - token: requester.getJwtToken(), documentId: document.urlId, }, }); @@ -135,17 +127,15 @@ describe("#accessRequests.create", () => { }); // Create first access request - const res1 = await server.post("/api/accessRequests.create", { + const res1 = await server.post("/api/accessRequests.create", requester, { body: { - token: requester.getJwtToken(), documentId: document.id, }, }); // Try to create another - const res2 = await server.post("/api/accessRequests.create", { + const res2 = await server.post("/api/accessRequests.create", requester, { body: { - token: requester.getJwtToken(), documentId: document.id, }, }); @@ -189,9 +179,8 @@ describe("#accessRequests.create", () => { }); // Create new request - const res2 = await server.post("/api/accessRequests.create", { + const res2 = await server.post("/api/accessRequests.create", requester, { body: { - token: requester.getJwtToken(), documentId: document.id, }, }); @@ -211,11 +200,7 @@ describe("#accessRequests.info", () => { it("should fail if both id and documentId are missing", async () => { const user = await buildUser(); - const res = await server.post("/api/accessRequests.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/accessRequests.info", user); expect(res.status).toEqual(400); }); @@ -234,9 +219,8 @@ describe("#accessRequests.info", () => { teamId: team.id, }); - const res = await server.post("/api/accessRequests.info", { + const res = await server.post("/api/accessRequests.info", requester, { body: { - token: requester.getJwtToken(), id: accessRequest.id, }, }); @@ -262,9 +246,8 @@ describe("#accessRequests.info", () => { teamId: team.id, }); - const res = await server.post("/api/accessRequests.info", { + const res = await server.post("/api/accessRequests.info", requester, { body: { - token: requester.getJwtToken(), documentId: document.urlId, }, }); @@ -277,9 +260,8 @@ describe("#accessRequests.info", () => { it("should return 404 if access request not found", async () => { const user = await buildUser(); - const res = await server.post("/api/accessRequests.info", { + const res = await server.post("/api/accessRequests.info", user, { body: { - token: user.getJwtToken(), id: "00000000-0000-0000-0000-000000000000", }, }); @@ -309,9 +291,8 @@ describe("#accessRequests.approve", () => { status: AccessRequestStatus.Pending, }); - const res = await server.post("/api/accessRequests.approve", { + const res = await server.post("/api/accessRequests.approve", admin, { body: { - token: admin.getJwtToken(), id: accessRequest.id, permission: DocumentPermission.ReadWrite, }, @@ -355,9 +336,8 @@ describe("#accessRequests.approve", () => { teamId: team.id, }); - const res = await server.post("/api/accessRequests.approve", { + const res = await server.post("/api/accessRequests.approve", nonManager, { body: { - token: nonManager.getJwtToken(), id: accessRequest.id, permission: DocumentPermission.ReadWrite, }, @@ -389,9 +369,8 @@ describe("#accessRequests.approve", () => { status: AccessRequestStatus.Pending, }); - const res = await server.post("/api/accessRequests.approve", { + const res = await server.post("/api/accessRequests.approve", admin, { body: { - token: admin.getJwtToken(), id: accessRequest.id, permission: DocumentPermission.ReadWrite, }, @@ -429,9 +408,8 @@ describe("#accessRequests.approve", () => { respondedAt: new Date(), }); - const res = await server.post("/api/accessRequests.approve", { + const res = await server.post("/api/accessRequests.approve", admin, { body: { - token: admin.getJwtToken(), id: accessRequest.id, permission: DocumentPermission.ReadWrite, }, @@ -463,9 +441,8 @@ describe("#accessRequests.dismiss", () => { teamId: team.id, }); - const res = await server.post("/api/accessRequests.dismiss", { + const res = await server.post("/api/accessRequests.dismiss", admin, { body: { - token: admin.getJwtToken(), id: accessRequest.id, }, }); @@ -509,9 +486,8 @@ describe("#accessRequests.dismiss", () => { teamId: team.id, }); - const res = await server.post("/api/accessRequests.dismiss", { + const res = await server.post("/api/accessRequests.dismiss", nonManager, { body: { - token: nonManager.getJwtToken(), id: accessRequest.id, }, }); @@ -539,9 +515,8 @@ describe("#accessRequests.dismiss", () => { respondedAt, }); - const res = await server.post("/api/accessRequests.dismiss", { + const res = await server.post("/api/accessRequests.dismiss", admin, { body: { - token: admin.getJwtToken(), id: accessRequest.id, }, }); diff --git a/server/routes/api/apiKeys/apiKeys.test.ts b/server/routes/api/apiKeys/apiKeys.test.ts index fc12563647..68acaff701 100644 --- a/server/routes/api/apiKeys/apiKeys.test.ts +++ b/server/routes/api/apiKeys/apiKeys.test.ts @@ -14,9 +14,8 @@ describe("#apiKeys.create", () => { const now = new Date(); const user = await buildUser(); - const res = await server.post("/api/apiKeys.create", { + const res = await server.post("/api/apiKeys.create", user, { body: { - token: user.getJwtToken(), name: "My API Key", expiresAt: now.toISOString(), }, @@ -32,9 +31,8 @@ describe("#apiKeys.create", () => { it("should allow creating an api key without expiry", async () => { const user = await buildUser(); - const res = await server.post("/api/apiKeys.create", { + const res = await server.post("/api/apiKeys.create", user, { body: { - token: user.getJwtToken(), name: "My API Key", }, }); @@ -49,9 +47,8 @@ describe("#apiKeys.create", () => { it("should allow creating an api key with scopes", async () => { const user = await buildUser(); - const res = await server.post("/api/apiKeys.create", { + const res = await server.post("/api/apiKeys.create", user, { body: { - token: user.getJwtToken(), name: "My API Key", scope: [ "/api/documents.list", @@ -82,9 +79,8 @@ describe("#apiKeys.create", () => { it("should allow viewers to create an api key", async () => { const viewer = await buildViewer(); - const res = await server.post("/api/apiKeys.create", { + const res = await server.post("/api/apiKeys.create", viewer, { body: { - token: viewer.getJwtToken(), name: "My API Key", }, }); @@ -97,9 +93,8 @@ describe("#apiKeys.create", () => { it("should not allow guests to create an api key", async () => { const guest = await buildGuestUser(); - const res = await server.post("/api/apiKeys.create", { + const res = await server.post("/api/apiKeys.create", guest, { body: { - token: guest.getJwtToken(), name: "My API Key", }, }); @@ -119,10 +114,9 @@ describe("#apiKeys.list", () => { const admin = await buildAdmin({ teamId: user.teamId }); await buildApiKey({ userId: user.id }); - const res = await server.post("/api/apiKeys.list", { + const res = await server.post("/api/apiKeys.list", admin, { body: { userId: user.id, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -137,10 +131,9 @@ describe("#apiKeys.list", () => { await buildApiKey({ userId: user.id }); await buildApiKey({ userId: admin.id }); - const res = await server.post("/api/apiKeys.list", { + const res = await server.post("/api/apiKeys.list", admin, { body: { userId: admin.id, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -156,11 +149,7 @@ describe("#apiKeys.list", () => { await buildApiKey({ userId: user.id }); await buildApiKey(); - const res = await server.post("/api/apiKeys.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/apiKeys.list", admin); const body = await res.json(); @@ -174,9 +163,8 @@ describe("#apiKeys.list", () => { await buildApiKey({ userId: admin.id, name: "Staging Key" }); await buildApiKey({ userId: admin.id, name: "Development Token" }); - const res = await server.post("/api/apiKeys.list", { + const res = await server.post("/api/apiKeys.list", admin, { body: { - token: admin.getJwtToken(), query: "key", }, }); @@ -196,9 +184,8 @@ describe("#apiKeys.list", () => { await buildApiKey({ userId: admin.id, name: "Production Key" }); await buildApiKey({ userId: admin.id, name: "Staging Key" }); - const res = await server.post("/api/apiKeys.list", { + const res = await server.post("/api/apiKeys.list", admin, { body: { - token: admin.getJwtToken(), query: "PRODUCTION", }, }); @@ -213,9 +200,8 @@ describe("#apiKeys.list", () => { const admin = await buildAdmin(); await buildApiKey({ userId: admin.id, name: "Production Key" }); - const res = await server.post("/api/apiKeys.list", { + const res = await server.post("/api/apiKeys.list", admin, { body: { - token: admin.getJwtToken(), query: "nonexistent", }, }); @@ -229,9 +215,8 @@ describe("#apiKeys.list", () => { const viewer = await buildViewer(); await buildApiKey({ userId: viewer.id }); - const res = await server.post("/api/apiKeys.list", { + const res = await server.post("/api/apiKeys.list", viewer, { body: { - token: viewer.getJwtToken(), userId: viewer.id, }, }); @@ -255,9 +240,8 @@ describe("#apiKeys.delete", () => { userId: user.id, }); - const res = await server.post("/api/apiKeys.delete", { + const res = await server.post("/api/apiKeys.delete", user, { body: { - token: user.getJwtToken(), id: apiKey.id, }, }); @@ -273,9 +257,8 @@ describe("#apiKeys.delete", () => { userId: otherUser.id, }); - const res = await server.post("/api/apiKeys.delete", { + const res = await server.post("/api/apiKeys.delete", user, { body: { - token: user.getJwtToken(), id: apiKey.id, }, }); @@ -291,9 +274,8 @@ describe("#apiKeys.delete", () => { userId: user.id, }); - const res = await server.post("/api/apiKeys.delete", { + const res = await server.post("/api/apiKeys.delete", admin, { body: { - token: admin.getJwtToken(), id: apiKey.id, }, }); @@ -305,9 +287,8 @@ describe("#apiKeys.delete", () => { const viewer = await buildViewer(); const apiKey = await buildApiKey({ userId: viewer.id }); - const res = await server.post("/api/apiKeys.delete", { + const res = await server.post("/api/apiKeys.delete", viewer, { body: { - token: viewer.getJwtToken(), id: apiKey.id, }, }); diff --git a/server/routes/api/attachments/attachments.test.ts b/server/routes/api/attachments/attachments.test.ts index a113e162cf..7c738f135b 100644 --- a/server/routes/api/attachments/attachments.test.ts +++ b/server/routes/api/attachments/attachments.test.ts @@ -33,11 +33,7 @@ describe("#attachments.list", () => { userId: user.id, }); - const res = await server.post("/api/attachments.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/attachments.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -61,10 +57,9 @@ describe("#attachments.list", () => { userId: admin.id, }); - const res = await server.post("/api/attachments.list", { + const res = await server.post("/api/attachments.list", admin, { body: { userId: user.id, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -90,10 +85,9 @@ describe("#attachments.list", () => { userId: user.id, }); - const res = await server.post("/api/attachments.list", { + const res = await server.post("/api/attachments.list", user, { body: { documentId: document.id, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -113,11 +107,7 @@ describe("#attachments.list", () => { userId: anotherUser.id, }); - const res = await server.post("/api/attachments.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/attachments.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -139,13 +129,12 @@ describe("#attachments.create", () => { describe("member", () => { it("should allow upload using avatar preset", async () => { const user = await buildUser(); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.png", contentType: "image/png", size: 1000, preset: AttachmentPreset.Avatar, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -164,14 +153,13 @@ describe("#attachments.create", () => { userId: user.id, }); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.png", contentType: "image/png", size: 1000, documentId: document.id, preset: AttachmentPreset.DocumentAttachment, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -179,13 +167,12 @@ describe("#attachments.create", () => { it("should create expiring attachment using import preset", async () => { const user = await buildUser(); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.zip", contentType: "application/zip", size: 10000, preset: AttachmentPreset.WorkspaceImport, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -201,14 +188,13 @@ describe("#attachments.create", () => { const user = await buildUser(); const document = await buildDocument(); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.png", contentType: "image/png", size: 1000, documentId: document.id, preset: AttachmentPreset.DocumentAttachment, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(403); @@ -216,13 +202,12 @@ describe("#attachments.create", () => { it("should not allow file upload for avatar preset", async () => { const user = await buildUser(); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.pdf", contentType: "application/pdf", size: 1000, preset: AttachmentPreset.Avatar, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(400); @@ -230,13 +215,12 @@ describe("#attachments.create", () => { it("should reject negative size", async () => { const user = await buildUser(); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.png", contentType: "image/png", size: -1, preset: AttachmentPreset.Emoji, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(400); @@ -244,13 +228,12 @@ describe("#attachments.create", () => { it("should reject non-integer size", async () => { const user = await buildUser(); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.png", contentType: "image/png", size: 1.5, preset: AttachmentPreset.Emoji, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(400); @@ -276,14 +259,13 @@ describe("#attachments.create", () => { permission: CollectionPermission.ReadWrite, }); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.png", contentType: "image/png", size: 1000, documentId: document.id, preset: AttachmentPreset.DocumentAttachment, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -293,14 +275,13 @@ describe("#attachments.create", () => { const user = await buildViewer(); const document = await buildDocument({ teamId: user.teamId }); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.png", contentType: "image/png", size: 1000, documentId: document.id, preset: AttachmentPreset.DocumentAttachment, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(403); @@ -308,13 +289,12 @@ describe("#attachments.create", () => { it("should allow upload using avatar preset", async () => { const user = await buildViewer(); - const res = await server.post("/api/attachments.create", { + const res = await server.post("/api/attachments.create", user, { body: { name: "test.png", contentType: "image/png", size: 1000, preset: AttachmentPreset.Avatar, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -334,9 +314,8 @@ describe("#attachments.delete", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/attachments.delete", { + const res = await server.post("/api/attachments.delete", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, }); @@ -358,9 +337,8 @@ describe("#attachments.delete", () => { }); attachment.documentId = null; await attachment.save(); - const res = await server.post("/api/attachments.delete", { + const res = await server.post("/api/attachments.delete", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, }); @@ -381,9 +359,8 @@ describe("#attachments.delete", () => { }); attachment.documentId = null; await attachment.save(); - const res = await server.post("/api/attachments.delete", { + const res = await server.post("/api/attachments.delete", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, }); @@ -402,9 +379,8 @@ describe("#attachments.delete", () => { const attachment = await buildAttachment(); attachment.documentId = null; await attachment.save(); - const res = await server.post("/api/attachments.delete", { + const res = await server.post("/api/attachments.delete", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, }); @@ -418,9 +394,8 @@ describe("#attachments.delete", () => { }); attachment.documentId = null; await attachment.save(); - const res = await server.post("/api/attachments.delete", { + const res = await server.post("/api/attachments.delete", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, }); @@ -443,9 +418,8 @@ describe("#attachments.delete", () => { documentId: document.id, acl: "private", }); - const res = await server.post("/api/attachments.delete", { + const res = await server.post("/api/attachments.delete", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, }); @@ -460,9 +434,8 @@ describe("#attachments.redirect", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/attachments.redirect", { + const res = await server.post("/api/attachments.redirect", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, redirect: "manual", @@ -478,10 +451,8 @@ describe("#attachments.redirect", () => { }); const res = await server.post( `/api/attachments.redirect?id=${attachment.id}`, + user, { - body: { - token: user.getJwtToken(), - }, redirect: "manual", } ); @@ -505,9 +476,8 @@ describe("#attachments.redirect", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/attachments.redirect", { + const res = await server.post("/api/attachments.redirect", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, redirect: "manual", @@ -532,9 +502,8 @@ describe("#attachments.redirect", () => { userId: user.id, documentId: document.id, }); - const res = await server.post("/api/attachments.redirect", { + const res = await server.post("/api/attachments.redirect", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, redirect: "manual", @@ -587,9 +556,8 @@ describe("#attachments.redirect", () => { documentId: document.id, acl: "private", }); - const res = await server.post("/api/attachments.redirect", { + const res = await server.post("/api/attachments.redirect", user, { body: { - token: user.getJwtToken(), id: attachment.id, }, }); @@ -598,11 +566,7 @@ describe("#attachments.redirect", () => { it("should fail in absence of id", async () => { const user = await buildUser(); - const res = await server.post("/api/attachments.redirect", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/attachments.redirect", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id is required"); diff --git a/server/routes/api/auth/auth.test.ts b/server/routes/api/auth/auth.test.ts index 5da0e784e0..5466361d4b 100644 --- a/server/routes/api/auth/auth.test.ts +++ b/server/routes/api/auth/auth.test.ts @@ -27,11 +27,7 @@ describe("#auth.info", () => { teamId: team2.id, email: user.email, }); - const res = await server.post("/api/auth.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/auth.info", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -52,11 +48,7 @@ describe("#auth.info", () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); await team.destroy(); - const res = await server.post("/api/auth.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/auth.info", user); expect(res.status).toEqual(401); }); @@ -69,18 +61,10 @@ describe("#auth.info", () => { describe("#auth.delete", () => { it("should make the access token unusable", async () => { const user = await buildUser(); - const res = await server.post("/api/auth.delete", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/auth.delete", user); expect(res.status).toEqual(200); - const res2 = await server.post("/api/auth.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res2 = await server.post("/api/auth.info", user); expect(res2.status).toEqual(401); }); diff --git a/server/routes/api/authenticationProviders/authenticationProviders.test.ts b/server/routes/api/authenticationProviders/authenticationProviders.test.ts index bf2f175a35..cd50ef6005 100644 --- a/server/routes/api/authenticationProviders/authenticationProviders.test.ts +++ b/server/routes/api/authenticationProviders/authenticationProviders.test.ts @@ -20,10 +20,9 @@ describe("#authenticationProviders.info", () => { teamId: team.id, }); const authenticationProviders = await team.$get("authenticationProviders"); - const res = await server.post("/api/authenticationProviders.info", { + const res = await server.post("/api/authenticationProviders.info", user, { body: { id: authenticationProviders[0].id, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -39,10 +38,9 @@ describe("#authenticationProviders.info", () => { const team = await buildTeam(); const user = await buildUser(); const authenticationProviders = await team.$get("authenticationProviders"); - const res = await server.post("/api/authenticationProviders.info", { + const res = await server.post("/api/authenticationProviders.info", user, { body: { id: authenticationProviders[0].id, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(403); @@ -69,11 +67,10 @@ describe("#authenticationProviders.update", () => { teamId: team.id, }); const authenticationProviders = await team.$get("authenticationProviders"); - const res = await server.post("/api/authenticationProviders.update", { + const res = await server.post("/api/authenticationProviders.update", user, { body: { id: authenticationProviders[0].id, isEnabled: false, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(400); @@ -88,11 +85,10 @@ describe("#authenticationProviders.update", () => { name: "google", providerId: randomUUID(), }); - const res = await server.post("/api/authenticationProviders.update", { + const res = await server.post("/api/authenticationProviders.update", user, { body: { id: googleProvider.id, isEnabled: false, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -106,11 +102,10 @@ describe("#authenticationProviders.update", () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); const authenticationProviders = await team.$get("authenticationProviders"); - const res = await server.post("/api/authenticationProviders.update", { + const res = await server.post("/api/authenticationProviders.update", user, { body: { id: authenticationProviders[0].id, isEnabled: false, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(403); @@ -135,11 +130,7 @@ describe("#authenticationProviders.list", () => { const user = await buildAdmin({ teamId: team.id, }); - const res = await server.post("/api/authenticationProviders.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/authenticationProviders.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toBe(3); @@ -170,10 +161,9 @@ describe("#authenticationProviders.delete", () => { name: "google", providerId: randomUUID(), }); - const res = await server.post("/api/authenticationProviders.delete", { + const res = await server.post("/api/authenticationProviders.delete", user, { body: { id: googleProvider.id, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -191,10 +181,9 @@ describe("#authenticationProviders.delete", () => { name: "google", providerId: randomUUID(), }); - const res = await server.post("/api/authenticationProviders.delete", { + const res = await server.post("/api/authenticationProviders.delete", user, { body: { id: googleProvider.id, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -213,10 +202,9 @@ describe("#authenticationProviders.delete", () => { name: "google", providerId: randomUUID(), }); - const res = await server.post("/api/authenticationProviders.delete", { + const res = await server.post("/api/authenticationProviders.delete", user, { body: { id: googleProvider.id, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(403); diff --git a/server/routes/api/collections/collections.test.ts b/server/routes/api/collections/collections.test.ts index d6d723f857..d47fbc5aa4 100644 --- a/server/routes/api/collections/collections.test.ts +++ b/server/routes/api/collections/collections.test.ts @@ -27,11 +27,7 @@ describe("#collections.list", () => { userId: user.id, teamId: team.id, }); - const res = await server.post("/api/collections.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -47,9 +43,8 @@ describe("#collections.list", () => { teamId: team.id, archivedAt: new Date(), }); - const res = await server.post("/api/collections.list", { + const res = await server.post("/api/collections.list", admin, { body: { - token: admin.getJwtToken(), statusFilter: [CollectionStatusFilter.Archived], }, }); @@ -68,11 +63,7 @@ describe("#collections.list", () => { teamId: team.id, archivedAt: new Date(), }); - const res = await server.post("/api/collections.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.list", admin); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(0); @@ -89,11 +80,7 @@ describe("#collections.list", () => { permission: null, teamId: user.teamId, }); - const res = await server.post("/api/collections.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -112,11 +99,7 @@ describe("#collections.list", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/collections.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(2); @@ -149,11 +132,7 @@ describe("#collections.list", () => { createdById: user.id, }, }); - const res = await server.post("/api/collections.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(2); @@ -169,11 +148,7 @@ describe("#collections.list", () => { teamId: team.id, archivedAt: new Date(), }); - const res = await server.post("/api/collections.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -187,30 +162,21 @@ describe("#collections.list", () => { teamId: team.id, }); - const beforeArchiveRes = await server.post("/api/collections.list", { - body: { - token: user.getJwtToken(), - }, - }); + const beforeArchiveRes = await server.post("/api/collections.list", user); const beforeArchiveBody = await beforeArchiveRes.json(); expect(beforeArchiveRes.status).toEqual(200); expect(beforeArchiveBody.data).toHaveLength(1); expect(beforeArchiveBody.data[0].id).toEqual(collection.id); - const archiveRes = await server.post("/api/collections.archive", { + const archiveRes = await server.post("/api/collections.archive", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); expect(archiveRes.status).toEqual(200); - const afterArchiveRes = await server.post("/api/collections.list", { - body: { - token: user.getJwtToken(), - }, - }); + const afterArchiveRes = await server.post("/api/collections.list", user); const afterArchiveBody = await afterArchiveRes.json(); expect(afterArchiveRes.status).toEqual(200); @@ -221,11 +187,7 @@ describe("#collections.list", () => { describe("#collections.import", () => { it("should error if no attachmentId is passed", async () => { const user = await buildUser(); - const res = await server.post("/api/collections.import", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.import", user); expect(res.status).toEqual(400); }); @@ -248,9 +210,8 @@ describe("#collections.move", () => { it("should require authorization", async () => { const user = await buildUser(); const collection = await buildCollection(); - const res = await server.post("/api/collections.move", { + const res = await server.post("/api/collections.move", user, { body: { - token: user.getJwtToken(), id: collection.id, index: "P", }, @@ -262,9 +223,8 @@ describe("#collections.move", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.move", { + const res = await server.post("/api/collections.move", admin, { body: { - token: admin.getJwtToken(), id: collection.id, index: "P", icon: "flame", @@ -279,9 +239,8 @@ describe("#collections.move", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.move", { + const res = await server.post("/api/collections.move", admin, { body: { - token: admin.getJwtToken(), id: collection.id, index: "P", icon: "😁", @@ -296,9 +255,8 @@ describe("#collections.move", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.move", { + const res = await server.post("/api/collections.move", admin, { body: { - token: admin.getJwtToken(), id: collection.id, icon: "nonsRence", }, @@ -310,9 +268,8 @@ describe("#collections.move", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.move", { + const res = await server.post("/api/collections.move", admin, { body: { - token: admin.getJwtToken(), id: collection.id, index: "يونيكود", }, @@ -330,9 +287,9 @@ describe("#collections.move", () => { }); const createdCollectionResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "Test", sharing: false, index: "Q", @@ -340,13 +297,16 @@ describe("#collections.move", () => { } ); await createdCollectionResponse.json(); - const movedCollectionRes = await server.post("/api/collections.move", { - body: { - token: admin.getJwtToken(), - id: collection.id, - index: "Q", - }, - }); + const movedCollectionRes = await server.post( + "/api/collections.move", + admin, + { + body: { + id: collection.id, + index: "Q", + }, + } + ); const movedCollection = await movedCollectionRes.json(); expect(movedCollectionRes.status).toEqual(200); expect(movedCollection.success).toBe(true); @@ -360,9 +320,9 @@ describe("#collections.move", () => { const user = await buildUser({ teamId: team.id }); const createdCollectionAResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "A", sharing: false, index: "a", @@ -371,9 +331,9 @@ describe("#collections.move", () => { ); const createdCollectionBResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "B", sharing: false, index: "b", @@ -382,9 +342,9 @@ describe("#collections.move", () => { ); const createdCollectionCResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "C", sharing: false, index: "c", @@ -396,9 +356,9 @@ describe("#collections.move", () => { const createdCollectionC = await createdCollectionCResponse.json(); const movedCollectionCResponse = await server.post( "/api/collections.move", + admin, { body: { - token: admin.getJwtToken(), id: createdCollectionC.data.id, index: "a", }, @@ -420,9 +380,8 @@ describe("#collections.export", () => { permission: null, teamId: user.teamId, }); - const res = await server.post("/api/collections.export", { + const res = await server.post("/api/collections.export", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -441,9 +400,8 @@ describe("#collections.export", () => { userId: admin.id, permission: CollectionPermission.ReadWrite, }); - const res = await server.post("/api/collections.export", { + const res = await server.post("/api/collections.export", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -470,9 +428,8 @@ describe("#collections.export", () => { createdById: admin.id, }, }); - const res = await server.post("/api/collections.export", { + const res = await server.post("/api/collections.export", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -493,9 +450,8 @@ describe("#collections.export", () => { userId: admin.id, teamId: admin.teamId, }); - const res = await server.post("/api/collections.export", { + const res = await server.post("/api/collections.export", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -507,9 +463,8 @@ describe("#collections.export", () => { const collection = await buildCollection({ teamId: admin.teamId, }); - const res = await server.post("/api/collections.export", { + const res = await server.post("/api/collections.export", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -530,21 +485,13 @@ describe("#collections.export_all", () => { it("should require authorization", async () => { const user = await buildUser(); - const res = await server.post("/api/collections.export_all", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.export_all", user); expect(res.status).toEqual(403); }); it("should return success", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/collections.export_all", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/collections.export_all", admin); expect(res.status).toEqual(200); }); }); @@ -566,9 +513,8 @@ describe("#collections.add_user", () => { userId: user.id, permission: CollectionPermission.Admin, }); - const res = await server.post("/api/collections.add_user", { + const res = await server.post("/api/collections.add_user", user, { body: { - token: user.getJwtToken(), id: collection.id, userId: anotherUser.id, }, @@ -588,9 +534,8 @@ describe("#collections.add_user", () => { const anotherUser = await buildUser({ teamId: admin.teamId, }); - const res = await server.post("/api/collections.add_user", { + const res = await server.post("/api/collections.add_user", admin, { body: { - token: admin.getJwtToken(), id: collection.id, userId: anotherUser.id, }, @@ -606,9 +551,8 @@ describe("#collections.add_user", () => { teamId: user.teamId, permission: null, }); - const res = await server.post("/api/collections.add_user", { + const res = await server.post("/api/collections.add_user", user, { body: { - token: user.getJwtToken(), id: collection.id, userId: user.id, }, @@ -625,9 +569,8 @@ describe("#collections.add_user", () => { permission: null, }); const anotherUser = await buildUser(); - const res = await server.post("/api/collections.add_user", { + const res = await server.post("/api/collections.add_user", user, { body: { - token: user.getJwtToken(), id: collection.id, userId: anotherUser.id, }, @@ -648,9 +591,8 @@ describe("#collections.add_user", () => { const anotherUser = await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/collections.add_user", { + const res = await server.post("/api/collections.add_user", user, { body: { - token: user.getJwtToken(), id: collection.id, userId: anotherUser.id, }, @@ -670,9 +612,8 @@ describe("#collections.add_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/collections.add_group", { + const res = await server.post("/api/collections.add_group", user, { body: { - token: user.getJwtToken(), id: collection.id, groupId: group.id, }, @@ -692,9 +633,8 @@ describe("#collections.add_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/collections.add_group", { + const res = await server.post("/api/collections.add_group", user, { body: { - token: user.getJwtToken(), id: collection.id, groupId: group.id, permission: null, @@ -715,9 +655,8 @@ describe("#collections.add_group", () => { permission: null, }); const group = await buildGroup(); - const res = await server.post("/api/collections.add_group", { + const res = await server.post("/api/collections.add_group", user, { body: { - token: user.getJwtToken(), id: collection.id, groupId: group.id, }, @@ -738,9 +677,8 @@ describe("#collections.add_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/collections.add_group", { + const res = await server.post("/api/collections.add_group", user, { body: { - token: user.getJwtToken(), id: collection.id, groupId: group.id, }, @@ -760,18 +698,16 @@ describe("#collections.remove_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - await server.post("/api/collections.add_group", { + await server.post("/api/collections.add_group", user, { body: { - token: user.getJwtToken(), id: collection.id, groupId: group.id, }, }); let groups = await collection.$get("groups"); expect(groups.length).toEqual(1); - const res = await server.post("/api/collections.remove_group", { + const res = await server.post("/api/collections.remove_group", user, { body: { - token: user.getJwtToken(), id: collection.id, groupId: group.id, }, @@ -788,9 +724,8 @@ describe("#collections.remove_group", () => { permission: null, }); const group = await buildGroup(); - const res = await server.post("/api/collections.remove_group", { + const res = await server.post("/api/collections.remove_group", user, { body: { - token: user.getJwtToken(), id: collection.id, groupId: group.id, }, @@ -811,9 +746,8 @@ describe("#collections.remove_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/collections.remove_group", { + const res = await server.post("/api/collections.remove_group", user, { body: { - token: user.getJwtToken(), id: collection.id, groupId: group.id, }, @@ -833,16 +767,14 @@ describe("#collections.remove_user", () => { const anotherUser = await buildUser({ teamId: admin.teamId, }); - await server.post("/api/collections.add_user", { + await server.post("/api/collections.add_user", admin, { body: { - token: admin.getJwtToken(), id: collection.id, userId: anotherUser.id, }, }); - const res = await server.post("/api/collections.remove_user", { + const res = await server.post("/api/collections.remove_user", admin, { body: { - token: admin.getJwtToken(), id: collection.id, userId: anotherUser.id, }, @@ -862,9 +794,8 @@ describe("#collections.remove_user", () => { const nonMember = await buildUser({ teamId: admin.teamId, }); - const res = await server.post("/api/collections.remove_user", { + const res = await server.post("/api/collections.remove_user", admin, { body: { - token: admin.getJwtToken(), id: collection.id, userId: nonMember.id, }, @@ -881,9 +812,8 @@ describe("#collections.remove_user", () => { permission: null, }); const anotherUser = await buildUser(); - const res = await server.post("/api/collections.remove_user", { + const res = await server.post("/api/collections.remove_user", user, { body: { - token: user.getJwtToken(), id: collection.id, userId: anotherUser.id, }, @@ -904,9 +834,8 @@ describe("#collections.remove_user", () => { const anotherUser = await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/collections.remove_user", { + const res = await server.post("/api/collections.remove_user", user, { body: { - token: user.getJwtToken(), id: collection.id, userId: anotherUser.id, }, @@ -937,9 +866,8 @@ describe("#collections.group_memberships", () => { groupId: group.id, permission: CollectionPermission.ReadWrite, }); - const res = await server.post("/api/collections.group_memberships", { + const res = await server.post("/api/collections.group_memberships", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -987,9 +915,8 @@ describe("#collections.group_memberships", () => { groupId: group2.id, permission: CollectionPermission.ReadWrite, }); - const res = await server.post("/api/collections.group_memberships", { + const res = await server.post("/api/collections.group_memberships", user, { body: { - token: user.getJwtToken(), id: collection.id, query: "will", }, @@ -1030,9 +957,8 @@ describe("#collections.group_memberships", () => { groupId: group2.id, permission: CollectionPermission.Read, }); - const res = await server.post("/api/collections.group_memberships", { + const res = await server.post("/api/collections.group_memberships", user, { body: { - token: user.getJwtToken(), id: collection.id, permission: CollectionPermission.Read, }, @@ -1056,9 +982,8 @@ describe("#collections.group_memberships", () => { permission: null, teamId: user.teamId, }); - const res = await server.post("/api/collections.group_memberships", { + const res = await server.post("/api/collections.group_memberships", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1077,9 +1002,8 @@ describe("#collections.memberships", () => { collection.permission = null; await collection.save(); - const res = await server.post("/api/collections.memberships", { + const res = await server.post("/api/collections.memberships", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1111,9 +1035,8 @@ describe("#collections.memberships", () => { userId: user2.id, permission: CollectionPermission.ReadWrite, }); - const res = await server.post("/api/collections.memberships", { + const res = await server.post("/api/collections.memberships", user, { body: { - token: user.getJwtToken(), id: collection.id, query: user.name.slice(0, 3), }, @@ -1144,9 +1067,8 @@ describe("#collections.memberships", () => { userId: user2.id, permission: CollectionPermission.Read, }); - const res = await server.post("/api/collections.memberships", { + const res = await server.post("/api/collections.memberships", user, { body: { - token: user.getJwtToken(), id: collection.id, permission: CollectionPermission.Read, }, @@ -1167,9 +1089,8 @@ describe("#collections.memberships", () => { it("should require authorization", async () => { const collection = await buildCollection(); const user = await buildUser(); - const res = await server.post("/api/collections.memberships", { + const res = await server.post("/api/collections.memberships", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1187,9 +1108,8 @@ describe("#collections.info", () => { archivedAt: new Date(), archivedById: user.id, }); - const res = await server.post("/api/collections.info", { + const res = await server.post("/api/collections.info", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1205,9 +1125,8 @@ describe("#collections.info", () => { userId: user.id, teamId: team.id, }); - const res = await server.post("/api/collections.info", { + const res = await server.post("/api/collections.info", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1223,9 +1142,8 @@ describe("#collections.info", () => { userId: user.id, teamId: team.id, }); - const res = await server.post("/api/collections.info", { + const res = await server.post("/api/collections.info", user, { body: { - token: user.getJwtToken(), id: `any-slug-${collection.urlId}`, }, }); @@ -1250,9 +1168,8 @@ describe("#collections.info", () => { userId: user.id, }, }); - const res = await server.post("/api/collections.info", { + const res = await server.post("/api/collections.info", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1274,9 +1191,8 @@ describe("#collections.info", () => { createdById: user.id, permission: CollectionPermission.Read, }); - const res = await server.post("/api/collections.info", { + const res = await server.post("/api/collections.info", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1295,9 +1211,8 @@ describe("#collections.info", () => { it("should require authorization", async () => { const collection = await buildCollection(); const user = await buildUser(); - const res = await server.post("/api/collections.info", { + const res = await server.post("/api/collections.info", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1315,9 +1230,8 @@ describe("#collections.create", () => { it("should create collection", async () => { const user = await buildUser(); - const res = await server.post("/api/collections.create", { + const res = await server.post("/api/collections.create", user, { body: { - token: user.getJwtToken(), name: "Test", }, }); @@ -1333,9 +1247,8 @@ describe("#collections.create", () => { it("should error when index is invalid", async () => { const user = await buildUser(); - const res = await server.post("/api/collections.create", { + const res = await server.post("/api/collections.create", user, { body: { - token: user.getJwtToken(), name: "Test", index: "يونيكود", }, @@ -1345,9 +1258,8 @@ describe("#collections.create", () => { it("should allow setting sharing to false", async () => { const user = await buildUser(); - const res = await server.post("/api/collections.create", { + const res = await server.post("/api/collections.create", user, { body: { - token: user.getJwtToken(), name: "Test", sharing: false, }, @@ -1360,9 +1272,8 @@ describe("#collections.create", () => { it("should return correct policies with private collection", async () => { const user = await buildUser(); - const res = await server.post("/api/collections.create", { + const res = await server.post("/api/collections.create", user, { body: { - token: user.getJwtToken(), name: "Test", permission: null, }, @@ -1381,15 +1292,13 @@ describe("#collections.create", () => { buildAdmin({ teamId: team.id }), ]); - const resA = await server.post("/api/collections.create", { + const resA = await server.post("/api/collections.create", adminA, { body: { - token: adminA.getJwtToken(), name: "Test A", }, }); - const resB = await server.post("/api/collections.create", { + const resB = await server.post("/api/collections.create", adminB, { body: { - token: adminB.getJwtToken(), name: "Test B", }, }); @@ -1404,9 +1313,9 @@ describe("#collections.create", () => { const user = await buildUser(); const createdCollectionAResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "A", sharing: false, index: "a", @@ -1416,9 +1325,9 @@ describe("#collections.create", () => { await createdCollectionAResponse.json(); const createCollectionResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "C", sharing: false, index: "a", @@ -1435,9 +1344,9 @@ describe("#collections.create", () => { const user = await buildUser(); const createdCollectionAResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "A", sharing: false, index: "a", @@ -1446,9 +1355,9 @@ describe("#collections.create", () => { ); const createdCollectionBResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "B", sharing: false, index: "b", @@ -1459,9 +1368,9 @@ describe("#collections.create", () => { await createdCollectionBResponse.json(); const createCollectionResponse = await server.post( "/api/collections.create", + user, { body: { - token: user.getJwtToken(), name: "C", sharing: false, index: "a", @@ -1493,9 +1402,8 @@ describe("#collections.update", () => { it("should require authorization", async () => { const collection = await buildCollection(); const user = await buildUser(); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", user, { body: { - token: user.getJwtToken(), id: collection.id, name: "Test", }, @@ -1507,9 +1415,8 @@ describe("#collections.update", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, name: "Test", }, @@ -1524,9 +1431,8 @@ describe("#collections.update", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, description: "Test", }, @@ -1545,9 +1451,8 @@ describe("#collections.update", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, data: { content: [ @@ -1570,9 +1475,8 @@ describe("#collections.update", () => { field: "index", direction: "desc", }; - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, sort, }, @@ -1587,9 +1491,8 @@ describe("#collections.update", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, permission: null, }, @@ -1604,9 +1507,8 @@ describe("#collections.update", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, permission: null, name: " Test ", @@ -1633,9 +1535,8 @@ describe("#collections.update", () => { createdById: admin.id, permission: CollectionPermission.ReadWrite, }); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, permission: CollectionPermission.ReadWrite, name: "Test", @@ -1662,9 +1563,8 @@ describe("#collections.update", () => { createdById: admin.id, permission: CollectionPermission.ReadWrite, }); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, name: "Test", }, @@ -1695,9 +1595,8 @@ describe("#collections.update", () => { createdById: user.id, }, }); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", user, { body: { - token: user.getJwtToken(), id: collection.id, name: "Test", }, @@ -1729,9 +1628,8 @@ describe("#collections.update", () => { }, } ); - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", user, { body: { - token: user.getJwtToken(), id: collection.id, name: "Test", }, @@ -1747,9 +1645,8 @@ describe("#collections.update", () => { field: "blah", direction: "desc", }; - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, sort, }, @@ -1765,9 +1662,8 @@ describe("#collections.update", () => { field: "title", direction: "blah", }; - const res = await server.post("/api/collections.update", { + const res = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, sort, }, @@ -1787,9 +1683,8 @@ describe("#collections.delete", () => { it("should require authorization", async () => { const collection = await buildCollection(); const user = await buildUser(); - const res = await server.post("/api/collections.delete", { + const res = await server.post("/api/collections.delete", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1800,9 +1695,8 @@ describe("#collections.delete", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const collection = await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.delete", { + const res = await server.post("/api/collections.delete", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -1815,9 +1709,8 @@ describe("#collections.delete", () => { const collection = await buildCollection({ teamId: team.id }); await buildCollection({ teamId: team.id }); - const res = await server.post("/api/collections.delete", { + const res = await server.post("/api/collections.delete", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -1840,9 +1733,8 @@ describe("#collections.delete", () => { collectionId: collection.id, archivedAt: new Date(), }); - const res = await server.post("/api/collections.delete", { + const res = await server.post("/api/collections.delete", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -1881,9 +1773,8 @@ describe("#collections.delete", () => { createdById: user.id, }, }); - const res = await server.post("/api/collections.delete", { + const res = await server.post("/api/collections.delete", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -1907,9 +1798,8 @@ describe("#collections.archive", () => { await collection.reload(); expect(collection.documentStructure).not.toBe(null); expect(document.archivedAt).toBe(null); - const res = await server.post("/api/collections.archive", { + const res = await server.post("/api/collections.archive", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -1941,9 +1831,8 @@ describe("#collections.restore", () => { // reload to ensure documentStructure is set await collection.reload(); expect(collection.documentStructure).not.toBe(null); - const archiveRes = await server.post("/api/collections.archive", { + const archiveRes = await server.post("/api/collections.archive", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -1953,9 +1842,8 @@ describe("#collections.restore", () => { ]); expect(archiveRes.status).toEqual(200); expect(archiveBody.data.archivedAt).not.toBe(null); - const res = await server.post("/api/collections.restore", { + const res = await server.post("/api/collections.restore", admin, { body: { - token: admin.getJwtToken(), id: collection.id, }, }); @@ -1982,9 +1870,8 @@ describe("#collections.restore", () => { expect(collection.index).toEqual("P"); expect(archivedCollection.index).toEqual("P"); - const res = await server.post("/api/collections.restore", { + const res = await server.post("/api/collections.restore", admin, { body: { - token: admin.getJwtToken(), id: archivedCollection.id, }, }); diff --git a/server/routes/api/comments/comments.test.ts b/server/routes/api/comments/comments.test.ts index 692cb17b76..2c8076a7ac 100644 --- a/server/routes/api/comments/comments.test.ts +++ b/server/routes/api/comments/comments.test.ts @@ -36,9 +36,8 @@ describe("#comments.info", () => { userId: user2.id, documentId: document.id, }); - const res = await server.post("/api/comments.info", { + const res = await server.post("/api/comments.info", user, { body: { - token: user.getJwtToken(), id: comment.id, }, }); @@ -65,9 +64,8 @@ describe("#comments.info", () => { userId: user2.id, documentId: document.id, }); - const res = await server.post("/api/comments.info", { + const res = await server.post("/api/comments.info", user, { body: { - token: user.getJwtToken(), id: comment.id, }, }); @@ -111,9 +109,8 @@ describe("#comments.info", () => { } as ProsemirrorData; await document.update({ content }); - const res = await server.post("/api/comments.info", { + const res = await server.post("/api/comments.info", user, { body: { - token: user.getJwtToken(), id: comment.id, includeAnchorText: true, }, @@ -154,9 +151,8 @@ describe("#comments.info", () => { } as ProsemirrorData; await document.update({ content }); - const res = await server.post("/api/comments.info", { + const res = await server.post("/api/comments.info", user, { body: { - token: user.getJwtToken(), id: comment.id, includeAnchorText: true, }, @@ -194,9 +190,8 @@ describe("#comments.list", () => { documentId: document.id, createdAt: new Date(), }); - const res = await server.post("/api/comments.list", { + const res = await server.post("/api/comments.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -244,9 +239,8 @@ describe("#comments.list", () => { } as ProsemirrorData; await document.update({ content }); - const res = await server.post("/api/comments.list", { + const res = await server.post("/api/comments.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, includeAnchorText: true, sort: "createdAt", @@ -279,9 +273,8 @@ describe("#comments.list", () => { userId: user.id, documentId: document.id, }); - const res = await server.post("/api/comments.list", { + const res = await server.post("/api/comments.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, }, }); @@ -311,9 +304,8 @@ describe("#comments.list", () => { documentId: document.id, parentCommentId: comment.id, }); - const res = await server.post("/api/comments.list", { + const res = await server.post("/api/comments.list", user, { body: { - token: user.getJwtToken(), parentCommentId: comment.id, }, }); @@ -342,9 +334,8 @@ describe("#comments.list", () => { userId: user.id, documentId: document.id, }); - const res = await server.post("/api/comments.list", { + const res = await server.post("/api/comments.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, statusFilter: [CommentStatusFilter.Resolved], }, @@ -390,11 +381,7 @@ describe("#comments.list", () => { userId: user.id, documentId: document2.id, }); - const res = await server.post("/api/comments.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/comments.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -425,9 +412,8 @@ describe("#comments.list", () => { reactions, }); - const res = await server.post("/api/comments.list", { + const res = await server.post("/api/comments.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -464,9 +450,8 @@ describe("#comments.create", () => { documentId: document.id, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: comment.data, }, @@ -491,9 +476,8 @@ describe("#comments.create", () => { const text = "test\n\n- list item 1\n- list item 2"; - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, text, }, @@ -515,17 +499,15 @@ describe("#comments.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: null, }, }); - const anotherRes = await server.post("/api/comments.create", { + const anotherRes = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: { type: "doc", @@ -546,9 +528,8 @@ describe("#comments.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: { type: "doc", @@ -573,9 +554,8 @@ describe("#comments.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: { type: "doc", @@ -608,9 +588,8 @@ describe("#comments.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: { type: "doc", @@ -643,9 +622,8 @@ describe("#comments.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: { type: "nonsense", @@ -664,9 +642,8 @@ describe("#comments.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: { type: "doc", @@ -692,9 +669,8 @@ describe("#comments.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: { type: "doc", @@ -730,9 +706,8 @@ describe("#comments.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/comments.create", { + const res = await server.post("/api/comments.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, data: { type: "doc", @@ -796,9 +771,8 @@ describe("#comments.update", () => { documentId: document.id, }); - const res = await server.post("/api/comments.update", { + const res = await server.post("/api/comments.update", user, { body: { - token: user.getJwtToken(), id: comment.id, data: comment.data, }, @@ -825,9 +799,8 @@ describe("#comments.update", () => { documentId: document.id, }); - const res = await server.post("/api/comments.update", { + const res = await server.post("/api/comments.update", user, { body: { - token: user.getJwtToken(), id: comment.id, data: { type: "doc", @@ -867,9 +840,8 @@ describe("#comments.resolve", () => { documentId: document.id, }); - const res = await server.post("/api/comments.resolve", { + const res = await server.post("/api/comments.resolve", user, { body: { - token: user.getJwtToken(), id: comment.id, }, }); @@ -907,9 +879,8 @@ describe("#comments.resolve", () => { parentCommentId: parentComment.id, }); - const res = await server.post("/api/comments.resolve", { + const res = await server.post("/api/comments.resolve", user, { body: { - token: user.getJwtToken(), id: comment.id, }, }); @@ -938,9 +909,8 @@ describe("#comments.unresolve", () => { documentId: document.id, }); - const res = await server.post("/api/comments.unresolve", { + const res = await server.post("/api/comments.unresolve", user, { body: { - token: user.getJwtToken(), id: comment.id, }, }); @@ -980,9 +950,8 @@ describe("#comments.add_reaction", () => { documentId: document.id, }); - const res = await server.post("/api/comments.add_reaction", { + const res = await server.post("/api/comments.add_reaction", user, { body: { - token: user.getJwtToken(), id: comment.id, emoji: "😄", }, @@ -1016,9 +985,8 @@ describe("#comments.add_reaction", () => { reactions: [{ emoji: "😄", userIds: ["test-user"] }], }); - const res = await server.post("/api/comments.add_reaction", { + const res = await server.post("/api/comments.add_reaction", user, { body: { - token: user.getJwtToken(), id: comment.id, emoji: "😄", }, @@ -1055,9 +1023,8 @@ describe("#comments.add_reaction", () => { createdById: user.id, }); - const res = await server.post("/api/comments.add_reaction", { + const res = await server.post("/api/comments.add_reaction", user, { body: { - token: user.getJwtToken(), id: comment.id, emoji: emoji.id, }, @@ -1094,9 +1061,8 @@ describe("#comments.add_reaction", () => { teamId: otherTeam.id, }); - const res = await server.post("/api/comments.add_reaction", { + const res = await server.post("/api/comments.add_reaction", user, { body: { - token: user.getJwtToken(), id: comment.id, emoji: emoji.id, }, @@ -1134,9 +1100,8 @@ describe("#comments.remove_reaction", () => { { hooks: false } ); - const res = await server.post("/api/comments.remove_reaction", { + const res = await server.post("/api/comments.remove_reaction", user, { body: { - token: user.getJwtToken(), id: comment.id, emoji: "😄", }, @@ -1176,9 +1141,8 @@ describe("#comments.remove_reaction", () => { { hooks: false } ); - const res = await server.post("/api/comments.remove_reaction", { + const res = await server.post("/api/comments.remove_reaction", user, { body: { - token: user.getJwtToken(), id: comment.id, emoji: "😄", }, diff --git a/server/routes/api/documents/documents.test.ts b/server/routes/api/documents/documents.test.ts index 1e06fe1b24..1c35680930 100644 --- a/server/routes/api/documents/documents.test.ts +++ b/server/routes/api/documents/documents.test.ts @@ -63,9 +63,8 @@ describe("#documents.info", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -80,9 +79,8 @@ describe("#documents.info", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), id: document.urlId, }, }); @@ -98,9 +96,8 @@ describe("#documents.info", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -118,9 +115,8 @@ describe("#documents.info", () => { const document = await buildDocument({ collectionId: collection.id, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -133,9 +129,8 @@ describe("#documents.info", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -179,16 +174,14 @@ describe("#documents.info", () => { teamId: user.teamId, userId: user.id, }); - await server.post("/api/collections.delete", { + await server.post("/api/collections.delete", user, { body: { id: collection.id, - token: user.getJwtToken(), }, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user2, { body: { id: doc.id, - token: user2.getJwtToken(), }, }); expect(res.status).toEqual(403); @@ -206,16 +199,14 @@ describe("#documents.info", () => { teamId: user.teamId, userId: user.id, }); - await server.post("/api/collections.delete", { + await server.post("/api/collections.delete", user, { body: { id: collection.id, - token: user.getJwtToken(), }, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { id: doc.id, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -405,9 +396,8 @@ describe("#documents.info", () => { teamId: document.teamId, userId: user.id, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), shareId: share.id, }, }); @@ -430,9 +420,8 @@ describe("#documents.info", () => { teamId: document.teamId, userId: user.id, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), shareId: share.id, }, }); @@ -460,9 +449,8 @@ describe("#documents.info", () => { teamId: document.teamId, userId: user.id, }); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), shareId: share.id, }, }); @@ -473,9 +461,8 @@ describe("#documents.info", () => { it("should not error if document doesn't exist", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), id: "9bcbf864-1090-4eb6-ba05-4da0c3a5c58e", }, }); @@ -495,9 +482,8 @@ describe("#documents.info", () => { it("should require authorization with incorrect token", async () => { const document = await buildDocument(); const user = await buildUser(); - const res = await server.post("/api/documents.info", { + const res = await server.post("/api/documents.info", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -523,9 +509,8 @@ describe("#documents.export", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.export", { + const res = await server.post("/api/documents.export", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -540,9 +525,8 @@ describe("#documents.export", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.export", { + const res = await server.post("/api/documents.export", user, { body: { - token: user.getJwtToken(), id: document.id, }, headers: { @@ -560,9 +544,8 @@ describe("#documents.export", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.export", { + const res = await server.post("/api/documents.export", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -580,9 +563,8 @@ describe("#documents.export", () => { const document = await buildDocument({ collectionId: collection.id, }); - const res = await server.post("/api/documents.export", { + const res = await server.post("/api/documents.export", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -595,9 +577,8 @@ describe("#documents.export", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.export", { + const res = await server.post("/api/documents.export", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -619,9 +600,8 @@ describe("#documents.export", () => { it("should require authorization with incorrect token", async () => { const document = await buildDocument(); const user = await buildUser(); - const res = await server.post("/api/documents.export", { + const res = await server.post("/api/documents.export", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -632,9 +612,8 @@ describe("#documents.export", () => { describe("#documents.list", () => { it("should fail for invalid userId", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), userId: "invalid", }, }); @@ -645,9 +624,8 @@ describe("#documents.list", () => { it("should fail for invalid collectionId", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), collectionId: "invalid", }, }); @@ -658,9 +636,8 @@ describe("#documents.list", () => { it("should fail for invalid parentDocumentId", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), parentDocumentId: "invalid", }, }); @@ -671,9 +648,8 @@ describe("#documents.list", () => { it("should fail for invalid backlinkDocumentId", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), backlinkDocumentId: "invalid", }, }); @@ -688,11 +664,7 @@ describe("#documents.list", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -712,9 +684,8 @@ describe("#documents.list", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), parentDocumentId: null, }, }); @@ -730,11 +701,7 @@ describe("#documents.list", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -748,11 +715,7 @@ describe("#documents.list", () => { }); document.archivedAt = new Date(); await document.save(); - const res = await server.post("/api/documents.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -781,9 +744,8 @@ describe("#documents.list", () => { }), ]); await withAPIContext(user, (ctx) => docs[0].archiveWithCtx(ctx)); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), statusFilter: [StatusFilter.Archived], collectionId: collection.id, }, @@ -825,9 +787,8 @@ describe("#documents.list", () => { withAPIContext(user, (ctx) => docs[0].archiveWithCtx(ctx)), withAPIContext(user, (ctx) => docs[1].archiveWithCtx(ctx)), ]); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), statusFilter: [StatusFilter.Archived], }, }); @@ -852,11 +813,7 @@ describe("#documents.list", () => { teamId: team.id, }); - const res = await server.post("/api/documents.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -874,9 +831,8 @@ describe("#documents.list", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), direction: "ASC", }, }); @@ -906,9 +862,8 @@ describe("#documents.list", () => { }); await collection.reload(); await collection.addDocumentToStructure(anotherDoc, 0); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, sort: "index", direction: "ASC", @@ -945,9 +900,8 @@ describe("#documents.list", () => { const expectedOrder = documents.slice().reverse(); // First page (offset=0, limit=10) - const res1 = await server.post("/api/documents.list", { + const res1 = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, sort: "index", direction: "ASC", @@ -962,9 +916,8 @@ describe("#documents.list", () => { expect(body1.data[9].id).toEqual(expectedOrder[9].id); // Second page (offset=10, limit=10) - this tests the bug fix - const res2 = await server.post("/api/documents.list", { + const res2 = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, sort: "index", direction: "ASC", @@ -979,9 +932,8 @@ describe("#documents.list", () => { expect(body2.data[9].id).toEqual(expectedOrder[19].id); // Third page (offset=20, limit=10) - const res3 = await server.post("/api/documents.list", { + const res3 = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, sort: "index", direction: "ASC", @@ -1002,9 +954,8 @@ describe("#documents.list", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), collectionId: document.collectionId, }, }); @@ -1038,9 +989,8 @@ describe("#documents.list", () => { }, } ); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, }, }); @@ -1067,9 +1017,8 @@ describe("#documents.list", () => { documentId: document.id, userId: user.id, }); - const res = await server.post("/api/documents.list", { + const res = await server.post("/api/documents.list", user, { body: { - token: user.getJwtToken(), backlinkDocumentId: document.id, }, }); @@ -1094,9 +1043,8 @@ describe("#documents.drafts", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.drafts", { + const res = await server.post("/api/documents.drafts", user, { body: { - token: user.getJwtToken(), collectionId: "invalid", }, }); @@ -1111,9 +1059,8 @@ describe("#documents.drafts", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.drafts", { + const res = await server.post("/api/documents.drafts", user, { body: { - token: user.getJwtToken(), dateFilter: "invalid", }, }); @@ -1128,11 +1075,7 @@ describe("#documents.drafts", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.drafts", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.drafts", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -1154,11 +1097,7 @@ describe("#documents.drafts", () => { }); drafts.push(draftDocument); - const res = await server.post("/api/documents.drafts", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.drafts", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(drafts.length); @@ -1176,11 +1115,7 @@ describe("#documents.drafts", () => { teamId: user.teamId, }); - const res = await server.post("/api/documents.drafts", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.drafts", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -1209,16 +1144,14 @@ describe("#documents.search_titles", () => { teamId: user.teamId, }); // add member to the document - await server.post("/api/documents.add_user", { + await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, }); - const res = await server.post("/api/documents.search_titles", { + const res = await server.post("/api/documents.search_titles", member, { body: { - token: member.getJwtToken(), query: "title", statusFilter: [StatusFilter.Draft], }, @@ -1248,16 +1181,14 @@ describe("#documents.search_titles", () => { teamId: user.teamId, }); // add member to the document - await server.post("/api/documents.add_user", { + await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, }); - const res = await server.post("/api/documents.search_titles", { + const res = await server.post("/api/documents.search_titles", member, { body: { - token: member.getJwtToken(), query: "title", }, }); @@ -1269,11 +1200,7 @@ describe("#documents.search_titles", () => { it("should fail without query", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.search_titles", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.search_titles", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -1288,9 +1215,8 @@ describe("#documents.search_titles", () => { teamId: user.teamId, title: "Super secret", }); - const res = await server.post("/api/documents.search_titles", { + const res = await server.post("/api/documents.search_titles", user, { body: { - token: user.getJwtToken(), query: "SECRET", }, }); @@ -1309,9 +1235,8 @@ describe("#documents.search_titles", () => { createdAt: subDays(new Date(), 365), updatedAt: subDays(new Date(), 365), }); - const res = await server.post("/api/documents.search_titles", { + const res = await server.post("/api/documents.search_titles", user, { body: { - token: user.getJwtToken(), query: "SECRET", dateFilter: "day", }, @@ -1329,9 +1254,8 @@ describe("#documents.search_titles", () => { title: "Super secret", archivedAt: new Date(), }); - const res = await server.post("/api/documents.search_titles", { + const res = await server.post("/api/documents.search_titles", user, { body: { - token: user.getJwtToken(), query: "SECRET", statusFilter: [StatusFilter.Archived], }, @@ -1349,9 +1273,8 @@ describe("#documents.search_titles", () => { teamId: user.teamId, title: "Super secret", }); - const res = await server.post("/api/documents.search_titles", { + const res = await server.post("/api/documents.search_titles", user, { body: { - token: user.getJwtToken(), query: "SECRET", statusFilter: [StatusFilter.Draft], }, @@ -1369,9 +1292,8 @@ describe("#documents.search_titles", () => { teamId: user.teamId, title: "Super secret", }); - const res = await server.post("/api/documents.search_titles", { + const res = await server.post("/api/documents.search_titles", user, { body: { - token: user.getJwtToken(), query: "SECRET", userId: user.id, }, @@ -1396,9 +1318,8 @@ describe("#documents.search_titles", () => { title: "Super secret", deletedAt: new Date(), }); - const res = await server.post("/api/documents.search_titles", { + const res = await server.post("/api/documents.search_titles", user, { body: { - token: user.getJwtToken(), query: "SECRET", statusFilter: [StatusFilter.Published, StatusFilter.Draft], }, @@ -1422,9 +1343,8 @@ describe("#documents.search", () => { teamId: user.teamId, title: "Much test support", }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "much", }, }); @@ -1486,9 +1406,8 @@ describe("#documents.search", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), shareId: share.id, statusFilter: [StatusFilter.Draft], query: "test", @@ -1542,9 +1461,8 @@ describe("#documents.search", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", }, }); @@ -1575,9 +1493,8 @@ describe("#documents.search", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: `search -random`, }, }); @@ -1601,9 +1518,8 @@ describe("#documents.search", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: `"search term"`, }, }); @@ -1623,9 +1539,8 @@ describe("#documents.search", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", statusFilter: [StatusFilter.Published, StatusFilter.Archived], }, @@ -1637,9 +1552,8 @@ describe("#documents.search", () => { it("should not error when search term is very long", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much much longer search term", }, @@ -1658,9 +1572,8 @@ describe("#documents.search", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", statusFilter: [StatusFilter.Draft], }, @@ -1680,9 +1593,8 @@ describe("#documents.search", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), statusFilter: [StatusFilter.Draft], query: "text", }, @@ -1700,9 +1612,8 @@ describe("#documents.search", () => { publishedAt: null, teamId: user.teamId, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", statusFilter: [StatusFilter.Draft], }, @@ -1720,9 +1631,8 @@ describe("#documents.search", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", statusFilter: [StatusFilter.Published, StatusFilter.Draft], }, @@ -1740,9 +1650,8 @@ describe("#documents.search", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", statusFilter: [StatusFilter.Archived], }, @@ -1767,9 +1676,8 @@ describe("#documents.search", () => { text: "search term", teamId: user.teamId, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", userId: user.id, }, @@ -1799,9 +1707,8 @@ describe("#documents.search", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", collectionId: collection.id, }, @@ -1827,9 +1734,8 @@ describe("#documents.search", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", collectionId: document.collectionId, }, @@ -1853,9 +1759,8 @@ describe("#documents.search", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", }, }); @@ -1866,9 +1771,8 @@ describe("#documents.search", () => { it("should not allow unknown dateFilter values", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "search term", dateFilter: "DROP TABLE students;", }, @@ -1889,9 +1793,8 @@ describe("#documents.search", () => { it("should save search term, hits and source", async () => { const user = await buildUser(); - await server.post("/api/documents.search", { + await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), query: "my term", }, }); @@ -1926,16 +1829,14 @@ describe("#documents.search", () => { teamId: user.teamId, }); // add member to the document - await server.post("/api/documents.add_user", { + await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", member, { body: { - token: member.getJwtToken(), query: "title", }, }); @@ -1966,16 +1867,14 @@ describe("#documents.search", () => { teamId: user.teamId, }); // add member to the document - await server.post("/api/documents.add_user", { + await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, }); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", member, { body: { - token: member.getJwtToken(), query: "title", statusFilter: [StatusFilter.Draft], }, @@ -2024,9 +1923,8 @@ describe("#documents.search", () => { title: "document 2 in collection 2", }), ]); - const res = await server.post("/api/documents.search", { + const res = await server.post("/api/documents.search", user, { body: { - token: user.getJwtToken(), collectionId: collection1.id, }, }); @@ -2044,11 +1942,7 @@ describe("#documents.search", () => { describe("#documents.templatize", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.templatize", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.templatize", user); const body = await res.json(); expect(res.status).toBe(400); expect(body.message).toBe("id: Must be a valid UUID or slug"); @@ -2059,9 +1953,8 @@ describe("#documents.templatize", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.templatize", { + const res = await server.post("/api/documents.templatize", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -2082,9 +1975,8 @@ describe("#documents.templatize", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.templatize", { + const res = await server.post("/api/documents.templatize", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, publish: true, @@ -2106,9 +1998,8 @@ describe("#documents.templatize", () => { teamId: admin.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.templatize", { + const res = await server.post("/api/documents.templatize", admin, { body: { - token: admin.getJwtToken(), id: document.id, publish: true, }, @@ -2129,9 +2020,8 @@ describe("#documents.templatize", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.templatize", { + const res = await server.post("/api/documents.templatize", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, publish: false, @@ -2153,9 +2043,8 @@ describe("#documents.templatize", () => { teamId: admin.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.templatize", { + const res = await server.post("/api/documents.templatize", admin, { body: { - token: admin.getJwtToken(), id: document.id, publish: false, }, @@ -2180,9 +2069,8 @@ describe("#documents.templatize", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.templatize", { + const res = await server.post("/api/documents.templatize", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: anotherCollection.id, publish: true, @@ -2204,9 +2092,8 @@ describe("#documents.templatize", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.templatize", { + const res = await server.post("/api/documents.templatize", user, { body: { - token: user.getJwtToken(), id: document.id, publish: true, }, @@ -2232,9 +2119,8 @@ describe("#documents.templatize", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.templatize", { + const res = await server.post("/api/documents.templatize", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, publish: true, @@ -2275,9 +2161,8 @@ describe("#documents.archived", () => { ), ]); - const res = await server.post("/api/documents.archived", { + const res = await server.post("/api/documents.archived", user, { body: { - token: user.getJwtToken(), collectionId: firstCollection.id, }, }); @@ -2318,11 +2203,7 @@ describe("#documents.archived", () => { ), ]); - const res = await server.post("/api/documents.archived", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.archived", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(2); @@ -2335,11 +2216,7 @@ describe("#documents.archived", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.archived", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.archived", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -2352,11 +2229,7 @@ describe("#documents.archived", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx)); - const res = await server.post("/api/documents.archived", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.archived", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -2372,11 +2245,7 @@ describe("#documents.archived", () => { collectionId: collection.id, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.archived", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.archived", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -2384,11 +2253,7 @@ describe("#documents.archived", () => { it("should require member", async () => { const viewer = await buildViewer(); - const res = await server.post("/api/documents.archived", { - body: { - token: viewer.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.archived", viewer); expect(res.status).toEqual(403); }); @@ -2406,11 +2271,7 @@ describe("#documents.deleted", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx)); - const res = await server.post("/api/documents.deleted", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.deleted", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -2441,11 +2302,7 @@ describe("#documents.deleted", () => { withAPIContext(user, (ctx) => draftDocument.destroyWithCtx(ctx)), withAPIContext(user2, (ctx) => otherUserDraft.destroyWithCtx(ctx)), ]); - const res = await server.post("/api/documents.deleted", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.deleted", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(2); @@ -2461,11 +2318,7 @@ describe("#documents.deleted", () => { teamId: admin.teamId, }); await withAPIContext(admin, (ctx) => document.destroyWithCtx(ctx)); - const res = await server.post("/api/documents.deleted", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.deleted", admin); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -2484,11 +2337,7 @@ describe("#documents.deleted", () => { collectionId: collection.id, }); await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx)); - const res = await server.post("/api/documents.deleted", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.deleted", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -2496,11 +2345,7 @@ describe("#documents.deleted", () => { it("should require member", async () => { const viewer = await buildViewer(); - const res = await server.post("/api/documents.deleted", { - body: { - token: viewer.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.deleted", viewer); expect(res.status).toEqual(403); }); @@ -2513,11 +2358,7 @@ describe("#documents.deleted", () => { describe("#documents.viewed", () => { it("should return empty result if no views", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.viewed", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.viewed", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -2533,11 +2374,7 @@ describe("#documents.viewed", () => { documentId: document.id, userId: user.id, }); - const res = await server.post("/api/documents.viewed", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.viewed", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -2556,11 +2393,7 @@ describe("#documents.viewed", () => { userId: user.id, }); await document.destroy(); - const res = await server.post("/api/documents.viewed", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.viewed", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -2588,11 +2421,7 @@ describe("#documents.viewed", () => { collectionId: collection.id, }, }); - const res = await server.post("/api/documents.viewed", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.viewed", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -2613,12 +2442,11 @@ describe("#documents.move", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.move", { + const res = await server.post("/api/documents.move", user, { body: { id: document.id, collectionId: document.collectionId, parentDocumentId: document.id, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -2645,12 +2473,11 @@ describe("#documents.move", () => { collectionId: document.collectionId, parentDocumentId: document.id, }); - const res = await server.post("/api/documents.move", { + const res = await server.post("/api/documents.move", user, { body: { id: document.id, collectionId: document.collectionId, parentDocumentId: childDocument.id, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -2676,12 +2503,11 @@ describe("#documents.move", () => { teamId: document.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.move", { + const res = await server.post("/api/documents.move", user, { body: { id: document.id, collectionId: collection.id, parentDocumentId: draft.id, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -2691,11 +2517,7 @@ describe("#documents.move", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.move", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.move", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -2712,9 +2534,8 @@ describe("#documents.move", () => { collectionId: collection.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.move", { + const res = await server.post("/api/documents.move", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, index: -1, @@ -2736,9 +2557,8 @@ describe("#documents.move", () => { collectionId: collection.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.move", { + const res = await server.post("/api/documents.move", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, index: 0, @@ -2758,9 +2578,8 @@ describe("#documents.move", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/documents.move", { + const res = await server.post("/api/documents.move", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -2778,9 +2597,8 @@ describe("#documents.move", () => { teamId: user.teamId, }); const collection = await buildCollection(); - const res = await server.post("/api/documents.move", { + const res = await server.post("/api/documents.move", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -2803,9 +2621,8 @@ describe("#documents.move", () => { collectionId: collection.id, }); const user = await buildUser(); - const res = await server.post("/api/documents.move", { + const res = await server.post("/api/documents.move", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -2827,18 +2644,16 @@ describe("#documents.restore", () => { collectionId: collection.id, }); - const archiveRes = await server.post("/api/collections.archive", { + const archiveRes = await server.post("/api/collections.archive", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); expect(archiveRes.status).toEqual(200); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -2862,9 +2677,8 @@ describe("#documents.restore", () => { collectionId: collection.id, }); - const archiveRes = await server.post("/api/collections.archive", { + const archiveRes = await server.post("/api/collections.archive", user, { body: { - token: user.getJwtToken(), id: collection.id, }, }); @@ -2873,9 +2687,8 @@ describe("#documents.restore", () => { const anotherCollection = await buildCollection(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: anotherCollection.id, }, @@ -2891,11 +2704,7 @@ describe("#documents.restore", () => { teamId: user.teamId, }); await document.destroy(); - const res = await server.post("/api/documents.restore", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.restore", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -2908,9 +2717,8 @@ describe("#documents.restore", () => { teamId: user.teamId, }); await document.destroy(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: "invalid", }, @@ -2933,9 +2741,8 @@ describe("#documents.restore", () => { }); await document.destroy(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -2959,9 +2766,8 @@ describe("#documents.restore", () => { }); await document.destroy(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -2987,9 +2793,8 @@ describe("#documents.restore", () => { }); await document.destroy(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -3005,9 +2810,8 @@ describe("#documents.restore", () => { teamId: user.teamId, }); await document.destroy(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -3027,9 +2831,8 @@ describe("#documents.restore", () => { teamId: user.teamId, }); await document.destroy(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -3059,9 +2862,8 @@ describe("#documents.restore", () => { await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx)); await collection.destroy({ hooks: false }); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: anotherCollection.id, }, @@ -3089,9 +2891,8 @@ describe("#documents.restore", () => { await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx)); await collection.destroy({ hooks: false }); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -3118,9 +2919,8 @@ describe("#documents.restore", () => { collection.archivedAt = new Date(); await collection.save(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -3142,9 +2942,8 @@ describe("#documents.restore", () => { collectionId: collection.id, }); await document.destroy(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, }, @@ -3159,9 +2958,8 @@ describe("#documents.restore", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -3184,9 +2982,8 @@ describe("#documents.restore", () => { }); await withAPIContext(user, (ctx) => childDocument.archiveWithCtx(ctx)); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: childDocument.id, }, }); @@ -3213,9 +3010,8 @@ describe("#documents.restore", () => { document.content = parser.parse("updated")?.toJSON(); await document.save(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, revisionId, }, @@ -3240,9 +3036,8 @@ describe("#documents.restore", () => { anotherDoc ); const revisionId = revision.id; - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, revisionId, }, @@ -3252,9 +3047,8 @@ describe("#documents.restore", () => { it("should not error if document doesn't exist", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: "76fe8ba4-4e6a-4a75-8a10-9bf57330b24c", }, }); @@ -3280,9 +3074,8 @@ describe("#documents.restore", () => { ); const revisionId = revision.id; const user = await buildUser(); - const res = await server.post("/api/documents.restore", { + const res = await server.post("/api/documents.restore", user, { body: { - token: user.getJwtToken(), id: document.id, revisionId, }, @@ -3294,11 +3087,7 @@ describe("#documents.restore", () => { describe("#documents.import", () => { it("should require collectionId or parentDocumentId", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.import", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.import", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -3312,9 +3101,8 @@ describe("#documents.import", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.import", { + const res = await server.post("/api/documents.import", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, }, }); @@ -3355,7 +3143,7 @@ describe("#documents.import", () => { ); const form = new FormData(); form.append("file", content, "markdown.md"); - form.append("token", user.getJwtToken()); + form.append("token", user.getSessionToken()); form.append("collectionId", collection.id); const res = await server.post("/api/documents.import", { @@ -3390,9 +3178,8 @@ describe("#documents.create", () => { title: "template title", text, }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), templateId: template.id, }, }); @@ -3408,9 +3195,8 @@ describe("#documents.create", () => { it("should create a document with empty title if no title is explicitly passed", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), text: "hello", }, }); @@ -3426,9 +3212,8 @@ describe("#documents.create", () => { teamId: user.teamId, title: "template title", }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), templateId: template.id, }, }); @@ -3444,9 +3229,8 @@ describe("#documents.create", () => { teamId: user.teamId, title: "template title", }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), templateId: template.id, title: "doc title", }, @@ -3463,9 +3247,8 @@ describe("#documents.create", () => { teamId: user.teamId, text: "template text", }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), templateId: template.id, text: "doc text", }, @@ -3477,9 +3260,8 @@ describe("#documents.create", () => { it("should fail for invalid collectionId", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), collectionId: "invalid", title: "new document", text: "hello", @@ -3492,9 +3274,8 @@ describe("#documents.create", () => { it("should succeed if collectionId is null", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), collectionId: null, title: "new document", text: "hello", @@ -3506,9 +3287,8 @@ describe("#documents.create", () => { it("should succeed with specific createdAt date in the past", async () => { const user = await buildUser(); const createdAt = new Date().toISOString(); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), collectionId: null, title: "new document", createdAt, @@ -3523,9 +3303,8 @@ describe("#documents.create", () => { it("should fail with createdAt date in the future", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), collectionId: null, title: "new document", createdAt: addMinutes(new Date(), 1).toISOString(), @@ -3538,9 +3317,8 @@ describe("#documents.create", () => { it("should fail for invalid parentDocumentId", async () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), parentDocumentId: "invalid", title: "new document", text: "hello", @@ -3558,9 +3336,8 @@ describe("#documents.create", () => { userId: user.id, teamId: team.id, }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, icon: "🚢", title: "new document", @@ -3580,9 +3357,8 @@ describe("#documents.create", () => { it("should create a draft document not belonging to any collection", async () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), title: "draft document", text: "draft document without collection", }, @@ -3598,10 +3374,9 @@ describe("#documents.create", () => { it("should allow creating a draft template without a collection", async () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { template: true, - token: user.getJwtToken(), title: "template", text: "template without collection", }, @@ -3616,9 +3391,8 @@ describe("#documents.create", () => { it("should not allow publishing without specifying the collection", async () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), title: "title", text: "text", publish: true, @@ -3639,9 +3413,8 @@ describe("#documents.create", () => { userId: user.id, teamId: team.id, }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, title: "This is a really long title that is not acceptable to Outline because it is so ridiculously long that we need to have a limit somewhere", @@ -3663,9 +3436,8 @@ describe("#documents.create", () => { userId: user.id, teamId: team.id, }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, title: "This text would be exactly 100 chars long if the following unicode character was counted as 1 char 🛡", @@ -3687,9 +3459,8 @@ describe("#documents.create", () => { collectionId: collection.id, teamId: team.id, }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), parentDocumentId: document.id, title: "new document", text: "hello", @@ -3705,9 +3476,8 @@ describe("#documents.create", () => { it("should error with invalid parentDocument", async () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), parentDocumentId: "d7a4eb73-fac1-4028-af45-d7e34d54db8e", title: "new document", text: "hello", @@ -3730,9 +3500,8 @@ describe("#documents.create", () => { collectionId: collection.id, teamId: team.id, }); - const res = await server.post("/api/documents.create", { + const res = await server.post("/api/documents.create", user, { body: { - token: user.getJwtToken(), parentDocumentId: document.id, title: "new document", text: "hello", @@ -3753,9 +3522,8 @@ describe("#documents.update", () => { teamId: user.teamId, icon: "library", }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Updated title", text: "Updated text", @@ -3784,9 +3552,8 @@ describe("#documents.update", () => { collectionId: null, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Updated title", text: "Updated text", @@ -3815,9 +3582,8 @@ describe("#documents.update", () => { userId: user.id, collectionId: null, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Updated title", text: "Updated text", @@ -3847,9 +3613,8 @@ describe("#documents.update", () => { const anotherTeam = await buildTeam(); user.teamId = anotherTeam.id; await user.save(); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Updated title", text: "Updated text", @@ -3867,9 +3632,8 @@ describe("#documents.update", () => { teamId: user.teamId, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, icon: ":)", }, @@ -3886,9 +3650,8 @@ describe("#documents.update", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, icon: "beaker", color: "#FFDDEE", @@ -3908,9 +3671,8 @@ describe("#documents.update", () => { icon: "beaker", color: "#FFDDEE", }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, icon: null, color: null, @@ -3945,9 +3707,8 @@ describe("#documents.update", () => { }, } ); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, collectionId: collection.id, title: "Updated title", @@ -3974,9 +3735,8 @@ describe("#documents.update", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Updated title", text: "Updated text", @@ -4014,9 +3774,8 @@ describe("#documents.update", () => { }, ]; await collection.save(); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Updated title", }, @@ -4052,9 +3811,8 @@ describe("#documents.update", () => { }, } ); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Changed text", }, @@ -4091,9 +3849,8 @@ describe("#documents.update", () => { }, } ); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, text: "Changed text", }, @@ -4121,9 +3878,8 @@ describe("#documents.update", () => { collectionId: collection.id, }, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, text: "Changed text", }, @@ -4137,9 +3893,8 @@ describe("#documents.update", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, text: "Additional text", append: true, @@ -4157,9 +3912,8 @@ describe("#documents.update", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Updated Title", append: true, @@ -4176,9 +3930,8 @@ describe("#documents.update", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: "Updated Title", text: "", @@ -4195,9 +3948,8 @@ describe("#documents.update", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, title: document.title, }, @@ -4227,9 +3979,8 @@ describe("#documents.update", () => { it("should require authorization", async () => { const document = await buildDocument(); const user = await buildUser(); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, text: "Updated", }, @@ -4240,9 +3991,8 @@ describe("#documents.update", () => { it("should fail for invalid collectionId", async () => { const document = await buildDocument(); const user = await buildUser(); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), id: document.id, text: "Updated", collectionId: "invalid", @@ -4255,9 +4005,8 @@ describe("#documents.update", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.update", { + const res = await server.post("/api/documents.update", user, { body: { - token: user.getJwtToken(), text: "Updated", }, }); @@ -4270,11 +4019,7 @@ describe("#documents.update", () => { describe("#documents.archive", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.archive", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.archive", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -4292,9 +4037,8 @@ describe("#documents.archive", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.archive", { + const res = await server.post("/api/documents.archive", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4318,11 +4062,7 @@ describe("#documents.archive", () => { describe("#documents.delete", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.delete", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.delete", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -4334,9 +4074,8 @@ describe("#documents.delete", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.delete", { + const res = await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4352,9 +4091,8 @@ describe("#documents.delete", () => { userId: user.id, deletedAt: null, }); - const res = await server.post("/api/documents.delete", { + const res = await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4379,9 +4117,8 @@ describe("#documents.delete", () => { userId: anotherUser.id, collectionId: null, }); - const res = await server.post("/api/documents.delete", { + const res = await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4403,9 +4140,8 @@ describe("#documents.delete", () => { publishedAt: null, }); - const res = await server.post("/api/documents.delete", { + const res = await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4424,15 +4160,13 @@ describe("#documents.delete", () => { userId: user.id, teamId: user.teamId, }); - await server.post("/api/documents.delete", { + await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); - const res = await server.post("/api/documents.delete", { + const res = await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, permanent: true, }, @@ -4449,15 +4183,13 @@ describe("#documents.delete", () => { userId: user.id, teamId: team.id, }); - await server.post("/api/documents.delete", { + await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); - const res = await server.post("/api/documents.delete", { + const res = await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, permanent: true, }, @@ -4483,9 +4215,8 @@ describe("#documents.delete", () => { await collection.destroy({ hooks: false, }); - const res = await server.post("/api/documents.delete", { + const res = await server.post("/api/documents.delete", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4510,11 +4241,7 @@ describe("#documents.delete", () => { describe("#documents.unpublish", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.unpublish", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.unpublish", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -4526,9 +4253,8 @@ describe("#documents.unpublish", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.unpublish", { + const res = await server.post("/api/documents.unpublish", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4557,9 +4283,8 @@ describe("#documents.unpublish", () => { parentDocumentId: document.id, }); await withAPIContext(user, (ctx) => child.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.unpublish", { + const res = await server.post("/api/documents.unpublish", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4581,9 +4306,8 @@ describe("#documents.unpublish", () => { teamId: user.teamId, collectionId: collection.id, }); - const res = await server.post("/api/documents.unpublish", { + const res = await server.post("/api/documents.unpublish", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4603,9 +4327,8 @@ describe("#documents.unpublish", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/documents.unpublish", { + const res = await server.post("/api/documents.unpublish", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4619,9 +4342,8 @@ describe("#documents.unpublish", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx)); - const res = await server.post("/api/documents.unpublish", { + const res = await server.post("/api/documents.unpublish", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4635,9 +4357,8 @@ describe("#documents.unpublish", () => { teamId: user.teamId, }); await withAPIContext(user, (ctx) => document.archiveWithCtx(ctx)); - const res = await server.post("/api/documents.unpublish", { + const res = await server.post("/api/documents.unpublish", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4682,9 +4403,8 @@ describe("#documents.users", () => { }), ]); - const res = await server.post("/api/documents.users", { + const res = await server.post("/api/documents.users", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4741,9 +4461,8 @@ describe("#documents.users", () => { permission: DocumentPermission.ReadWrite, }); - const res = await server.post("/api/documents.users", { + const res = await server.post("/api/documents.users", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -4839,9 +4558,8 @@ describe("#documents.users", () => { }), ]); - const res = await server.post("/api/documents.users", { + const res = await server.post("/api/documents.users", user, { body: { - token: user.getJwtToken(), id: document.id, query: "Al", }, @@ -4853,9 +4571,8 @@ describe("#documents.users", () => { expect(body.data[0].id).toContain(alan.id); expect(body.data[0].name).toBe(alan.name); - const anotherRes = await server.post("/api/documents.users", { + const anotherRes = await server.post("/api/documents.users", user, { body: { - token: user.getJwtToken(), id: document.id, query: "e", }, @@ -4950,9 +4667,8 @@ describe("#documents.users", () => { }), ]); - const res = await server.post("/api/documents.users", { + const res = await server.post("/api/documents.users", user, { body: { - token: user.getJwtToken(), id: document.id, userId: alan.id, }, @@ -4964,9 +4680,8 @@ describe("#documents.users", () => { expect(body.data[0].id).toContain(alan.id); expect(body.data[0].name).toBe(alan.name); - const anotherRes = await server.post("/api/documents.users", { + const anotherRes = await server.post("/api/documents.users", user, { body: { - token: user.getJwtToken(), id: document.id, userId: jamie.id, }, @@ -5035,9 +4750,8 @@ describe("#documents.users", () => { alan.suspendedAt = new Date(); await alan.save(); - const res = await server.post("/api/documents.users", { + const res = await server.post("/api/documents.users", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -5056,11 +4770,7 @@ describe("#documents.users", () => { describe("#documents.add_user", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.add_user", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.add_user", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -5089,9 +4799,8 @@ describe("#documents.add_user", () => { teamId: user.teamId, }); - const res = await server.post("/api/documents.add_user", { + const res = await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: user.id, }, @@ -5116,9 +4825,8 @@ describe("#documents.add_user", () => { }); const member = await buildUser({ teamId: user.teamId }); - const res = await server.post("/api/documents.add_user", { + const res = await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, @@ -5142,11 +4850,7 @@ describe("#documents.add_user", () => { describe("#documents.remove_user", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.remove_user", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.remove_user", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -5168,9 +4872,8 @@ describe("#documents.remove_user", () => { const anotherUser = await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/documents.remove_user", { + const res = await server.post("/api/documents.remove_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: anotherUser.id, }, @@ -5193,18 +4896,16 @@ describe("#documents.remove_user", () => { const member = await buildUser({ teamId: user.teamId, }); - await server.post("/api/documents.add_user", { + await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, }); let users = await document.$get("users"); expect(users.length).toEqual(1); - const res = await server.post("/api/documents.remove_user", { + const res = await server.post("/api/documents.remove_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, @@ -5218,11 +4919,7 @@ describe("#documents.remove_user", () => { describe("#documents.add_group", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.add_group", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.add_group", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -5246,9 +4943,8 @@ describe("#documents.add_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/documents.add_group", { + const res = await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, @@ -5269,9 +4965,8 @@ describe("#documents.add_group", () => { teamId: user.teamId, }); const group = await buildGroup(); - const res = await server.post("/api/documents.add_group", { + const res = await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, @@ -5294,9 +4989,8 @@ describe("#documents.add_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/documents.add_group", { + const res = await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, @@ -5332,9 +5026,8 @@ describe("#documents.add_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/documents.add_group", { + const res = await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, permission: DocumentPermission.Read, @@ -5368,9 +5061,8 @@ describe("#documents.add_group", () => { }); // First add with Read permission - await server.post("/api/documents.add_group", { + await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, permission: DocumentPermission.Read, @@ -5378,9 +5070,8 @@ describe("#documents.add_group", () => { }); // Then update to ReadWrite permission - const res = await server.post("/api/documents.add_group", { + const res = await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, permission: DocumentPermission.ReadWrite, @@ -5411,11 +5102,7 @@ describe("#documents.add_group", () => { describe("#documents.remove_group", () => { it("should require id", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.remove_group", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.remove_group", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -5439,9 +5126,8 @@ describe("#documents.remove_group", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/documents.remove_group", { + const res = await server.post("/api/documents.remove_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, @@ -5462,9 +5148,8 @@ describe("#documents.remove_group", () => { teamId: user.teamId, }); const group = await buildGroup(); - const res = await server.post("/api/documents.remove_group", { + const res = await server.post("/api/documents.remove_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, @@ -5489,9 +5174,8 @@ describe("#documents.remove_group", () => { }); // First add the group - await server.post("/api/documents.add_group", { + await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, @@ -5503,9 +5187,8 @@ describe("#documents.remove_group", () => { expect(groupMemberships.length).toEqual(1); // Then remove the group - const res = await server.post("/api/documents.remove_group", { + const res = await server.post("/api/documents.remove_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, @@ -5535,9 +5218,8 @@ describe("#documents.remove_group", () => { }); // Try to remove group that was never added - const res = await server.post("/api/documents.remove_group", { + const res = await server.post("/api/documents.remove_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, @@ -5569,24 +5251,21 @@ describe("#documents.memberships", () => { buildUser({ teamId: actor.teamId }), ]); await Promise.all([ - server.post("/api/documents.add_user", { + server.post("/api/documents.add_user", actor, { body: { - token: actor.getJwtToken(), id: document.id, userId: members[0].id, }, }), - server.post("/api/documents.add_user", { + server.post("/api/documents.add_user", actor, { body: { - token: actor.getJwtToken(), id: document.id, userId: members[1].id, }, }), ]); - const res = await server.post("/api/documents.memberships", { + const res = await server.post("/api/documents.memberships", actor, { body: { - token: actor.getJwtToken(), id: document.id, }, }); @@ -5607,26 +5286,23 @@ describe("#documents.memberships", () => { buildUser({ teamId: actor.teamId }), ]); await Promise.all([ - server.post("/api/documents.add_user", { + server.post("/api/documents.add_user", actor, { body: { - token: actor.getJwtToken(), id: document.id, userId: members[0].id, permission: DocumentPermission.ReadWrite, }, }), - server.post("/api/documents.add_user", { + server.post("/api/documents.add_user", actor, { body: { - token: actor.getJwtToken(), id: document.id, userId: members[1].id, permission: DocumentPermission.Read, }, }), ]); - const res = await server.post("/api/documents.memberships", { + const res = await server.post("/api/documents.memberships", actor, { body: { - token: actor.getJwtToken(), id: document.id, permission: DocumentPermission.Read, }, @@ -5652,9 +5328,8 @@ describe("#documents.duplicate", () => { fullWidth: true, }); - const res = await server.post("/api/documents.duplicate", { + const res = await server.post("/api/documents.duplicate", user, { body: { - token: user.getJwtToken(), id: document.id, }, }); @@ -5685,9 +5360,8 @@ describe("#documents.duplicate", () => { fullWidth: true, }); - const res = await server.post("/api/documents.duplicate", { + const res = await server.post("/api/documents.duplicate", user, { body: { - token: user.getJwtToken(), id: parent.id, recursive: true, }, @@ -5710,22 +5384,14 @@ describe("#documents.empty_trash", () => { }); it("should allow admin users", async () => { const user = await buildAdmin(); - const res = await server.post("/api/documents.empty_trash", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.empty_trash", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.success).toEqual(true); }); it("should not allow non-admin users", async () => { const user = await buildUser(); - const res = await server.post("/api/documents.empty_trash", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/documents.empty_trash", user); const body = await res.json(); expect(res.status).toEqual(403); expect(body).toMatchSnapshot(); @@ -5759,9 +5425,8 @@ describe("#documents.documents", () => { title: "Child 2", }); - const res = await server.post("/api/documents.documents", { + const res = await server.post("/api/documents.documents", user, { body: { - token: user.getJwtToken(), id: parent.id, }, }); @@ -5786,9 +5451,8 @@ describe("#documents.documents", () => { teamId: user.teamId, }); - const res = await server.post("/api/documents.documents", { + const res = await server.post("/api/documents.documents", user, { body: { - token: user.getJwtToken(), id: parent.id, }, }); @@ -5807,9 +5471,8 @@ describe("#documents.documents", () => { collectionId: null, }); - const res = await server.post("/api/documents.documents", { + const res = await server.post("/api/documents.documents", user, { body: { - token: user.getJwtToken(), id: doc.id, }, }); @@ -5856,9 +5519,8 @@ describe("#documents.documents", () => { teamId: otherUser.teamId, }); - const res = await server.post("/api/documents.documents", { + const res = await server.post("/api/documents.documents", user, { body: { - token: user.getJwtToken(), id: parent.id, }, }); diff --git a/server/routes/api/emojis/emojis.test.ts b/server/routes/api/emojis/emojis.test.ts index e08a2dcab5..22710f2afa 100644 --- a/server/routes/api/emojis/emojis.test.ts +++ b/server/routes/api/emojis/emojis.test.ts @@ -33,9 +33,8 @@ describe("#emojis.update", () => { userId: user.id, }); - const res = await server.post("/api/emojis.update", { + const res = await server.post("/api/emojis.update", user, { body: { - token: user.getJwtToken(), id: emoji.id, attachmentId: newAttachment.id, }, @@ -69,9 +68,8 @@ describe("#emojis.update", () => { userId: admin.id, }); - const res = await server.post("/api/emojis.update", { + const res = await server.post("/api/emojis.update", admin, { body: { - token: admin.getJwtToken(), id: emoji.id, attachmentId: newAttachment.id, }, @@ -97,9 +95,8 @@ describe("#emojis.update", () => { userId: user.id, }); - const res = await server.post("/api/emojis.update", { + const res = await server.post("/api/emojis.update", user, { body: { - token: user.getJwtToken(), id: emoji.id, attachmentId: newAttachment.id, }, @@ -121,9 +118,8 @@ describe("#emojis.update", () => { userId: user.id, }); - const res = await server.post("/api/emojis.update", { + const res = await server.post("/api/emojis.update", user, { body: { - token: user.getJwtToken(), id: emoji.id, attachmentId: newAttachment.id, }, @@ -139,9 +135,8 @@ describe("#emojis.update", () => { userId: user.id, }); - const res = await server.post("/api/emojis.update", { + const res = await server.post("/api/emojis.update", user, { body: { - token: user.getJwtToken(), id: "00000000-0000-0000-0000-000000000000", attachmentId: newAttachment.id, }, @@ -157,9 +152,8 @@ describe("#emojis.update", () => { createdById: user.id, }); - const res = await server.post("/api/emojis.update", { + const res = await server.post("/api/emojis.update", user, { body: { - token: user.getJwtToken(), id: emoji.id, attachmentId: "00000000-0000-0000-0000-000000000000", }, diff --git a/server/routes/api/events/events.test.ts b/server/routes/api/events/events.test.ts index 82435d6890..fe959be7d1 100644 --- a/server/routes/api/events/events.test.ts +++ b/server/routes/api/events/events.test.ts @@ -37,9 +37,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: admin.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, }, }); @@ -76,9 +75,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: admin.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", admin, { body: { - token: admin.getJwtToken(), auditLog: true, }, }); @@ -116,9 +114,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: user.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", admin, { body: { - token: admin.getJwtToken(), auditLog: true, actorId: admin.id, }, @@ -156,9 +153,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: user.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", user, { body: { - token: user.getJwtToken(), actorId: admin.id, }, }); @@ -193,9 +189,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: user.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", user, { body: { - token: user.getJwtToken(), actorId: user.id, collectionId: collection.id, }, @@ -225,9 +220,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: user.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", admin, { body: { - token: admin.getJwtToken(), documentId: document.id, }, }); @@ -256,9 +250,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: user.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", actor, { body: { - token: actor.getJwtToken(), documentId: document.id, }, }); @@ -292,9 +285,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: user.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", user, { body: { - token: user.getJwtToken(), name: "documents.publish", collectionId: collection.id, }, @@ -332,9 +324,8 @@ describe("#events.list", () => { teamId: user.teamId, actorId: user.id, }); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", user, { body: { - token: user.getJwtToken(), events: ["documents.publish"], collectionId: collection.id, }, @@ -366,11 +357,7 @@ describe("#events.list", () => { actorId: user.id, }); await user.destroy({ hooks: false }); - const res = await server.post("/api/events.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/events.list", admin); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -379,9 +366,8 @@ describe("#events.list", () => { it("should require authorization for audit events", async () => { const user = await buildUser(); - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", user, { body: { - token: user.getJwtToken(), auditLog: true, }, }); @@ -421,19 +407,14 @@ describe("#events.list", () => { }); // user2 tries to list events without specifying documentId/collectionId - const res = await server.post("/api/events.list", { - body: { - token: user2.getJwtToken(), - }, - }); + const res = await server.post("/api/events.list", user2); // Non-admins cannot list events without documentId or collectionId expect(res.status).toEqual(403); // Also verify user2 cannot see the draft when filtering by documentId - const res2 = await server.post("/api/events.list", { + const res2 = await server.post("/api/events.list", user2, { body: { - token: user2.getJwtToken(), documentId: privateDraft.id, }, }); @@ -462,11 +443,7 @@ describe("#events.list", () => { }); // admin lists events - const res = await server.post("/api/events.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/events.list", admin); const body = await res.json(); expect(res.status).toEqual(200); @@ -497,9 +474,8 @@ describe("#events.list", () => { }); // user lists events for their collection - const res = await server.post("/api/events.list", { + const res = await server.post("/api/events.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, }, }); diff --git a/server/routes/api/fileOperations/fileOperations.test.ts b/server/routes/api/fileOperations/fileOperations.test.ts index 8902aa16f4..d01114c077 100644 --- a/server/routes/api/fileOperations/fileOperations.test.ts +++ b/server/routes/api/fileOperations/fileOperations.test.ts @@ -25,10 +25,9 @@ describe("#fileOperations.info", () => { teamId: team.id, userId: admin.id, }); - const res = await server.post("/api/fileOperations.info", { + const res = await server.post("/api/fileOperations.info", admin, { body: { id: exportData.id, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -45,10 +44,9 @@ describe("#fileOperations.info", () => { teamId: team.id, userId: user.id, }); - const res = await server.post("/api/fileOperations.info", { + const res = await server.post("/api/fileOperations.info", user, { body: { id: exportData.id, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -65,10 +63,9 @@ describe("#fileOperations.info", () => { teamId: team.id, userId: admin.id, }); - const res = await server.post("/api/fileOperations.info", { + const res = await server.post("/api/fileOperations.info", user, { body: { id: exportData.id, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(403); @@ -83,10 +80,9 @@ describe("#fileOperations.info", () => { teamId: team.id, userId: admin1.id, }); - const res = await server.post("/api/fileOperations.info", { + const res = await server.post("/api/fileOperations.info", admin2, { body: { id: exportData.id, - token: admin2.getJwtToken(), }, }); const body = await res.json(); @@ -103,10 +99,9 @@ describe("#fileOperations.info", () => { teamId: team.id, userId: admin1.id, }); - const res = await server.post("/api/fileOperations.info", { + const res = await server.post("/api/fileOperations.info", admin2, { body: { id: importOp.id, - token: admin2.getJwtToken(), }, }); const body = await res.json(); @@ -125,10 +120,9 @@ describe("#fileOperations.info", () => { teamId: team.id, userId: admin.id, }); - const res = await server.post("/api/fileOperations.info", { + const res = await server.post("/api/fileOperations.info", admin, { body: { id: exportData.id, - token: admin.getJwtToken(), }, }); expect(res.status).toEqual(403); @@ -146,9 +140,8 @@ describe("#fileOperations.list", () => { teamId: team.id, userId: admin.id, }); - const res = await server.post("/api/fileOperations.list", { + const res = await server.post("/api/fileOperations.list", admin, { body: { - token: admin.getJwtToken(), type: FileOperationType.Export, }, }); @@ -176,9 +169,8 @@ describe("#fileOperations.list", () => { userId: admin.id, collectionId: collection.id, }); - const res = await server.post("/api/fileOperations.list", { + const res = await server.post("/api/fileOperations.list", admin, { body: { - token: admin.getJwtToken(), type: FileOperationType.Export, }, }); @@ -210,9 +202,8 @@ describe("#fileOperations.list", () => { await collection.destroy({ hooks: false }); const isCollectionPresent = await Collection.findByPk(collection.id); expect(isCollectionPresent).toBe(null); - const res = await server.post("/api/fileOperations.list", { + const res = await server.post("/api/fileOperations.list", admin, { body: { - token: admin.getJwtToken(), type: FileOperationType.Export, }, }); @@ -247,9 +238,8 @@ describe("#fileOperations.list", () => { await admin.destroy(); const isAdminPresent = await User.findByPk(admin.id); expect(isAdminPresent).toBe(null); - const res = await server.post("/api/fileOperations.list", { + const res = await server.post("/api/fileOperations.list", admin2, { body: { - token: admin2.getJwtToken(), type: FileOperationType.Export, }, }); @@ -265,9 +255,8 @@ describe("#fileOperations.list", () => { it("should require admin", async () => { const user = await buildUser(); - const res = await server.post("/api/fileOperations.list", { + const res = await server.post("/api/fileOperations.list", user, { body: { - token: user.getJwtToken(), type: FileOperationType.Export, }, }); @@ -286,9 +275,8 @@ describe("#fileOperations.redirect", () => { teamId: team.id, userId: admin.id, }); - const res = await server.post("/api/fileOperations.redirect", { + const res = await server.post("/api/fileOperations.redirect", admin, { body: { - token: admin.getJwtToken(), id: exportData.id, }, }); @@ -307,9 +295,8 @@ describe("#fileOperations.redirect", () => { teamId: team.id, userId: admin1.id, }); - const res = await server.post("/api/fileOperations.redirect", { + const res = await server.post("/api/fileOperations.redirect", admin2, { body: { - token: admin2.getJwtToken(), id: exportData.id, }, redirect: "manual", @@ -326,9 +313,8 @@ describe("#fileOperations.redirect", () => { teamId: team.id, userId: user.id, }); - const res = await server.post("/api/fileOperations.redirect", { + const res = await server.post("/api/fileOperations.redirect", user, { body: { - token: user.getJwtToken(), id: exportData.id, }, redirect: "manual", @@ -346,9 +332,8 @@ describe("#fileOperations.redirect", () => { teamId: team.id, userId: admin.id, }); - const res = await server.post("/api/fileOperations.redirect", { + const res = await server.post("/api/fileOperations.redirect", user, { body: { - token: user.getJwtToken(), id: exportData.id, }, }); @@ -365,9 +350,8 @@ describe("#fileOperations.redirect", () => { teamId: team.id, userId: user.id, }); - const res = await server.post("/api/fileOperations.redirect", { + const res = await server.post("/api/fileOperations.redirect", admin, { body: { - token: admin.getJwtToken(), id: exportData.id, }, }); @@ -387,12 +371,15 @@ describe("#fileOperations.delete", () => { userId: admin.id, state: FileOperationState.Complete, }); - const deleteResponse = await server.post("/api/fileOperations.delete", { - body: { - token: admin.getJwtToken(), - id: exportData.id, - }, - }); + const deleteResponse = await server.post( + "/api/fileOperations.delete", + admin, + { + body: { + id: exportData.id, + }, + } + ); expect(deleteResponse.status).toBe(200); expect( await Event.count({ @@ -420,9 +407,8 @@ describe("#fileOperations.delete", () => { teamId: team.id, userId: user.id, }); - const res = await server.post("/api/fileOperations.delete", { + const res = await server.post("/api/fileOperations.delete", admin, { body: { - token: admin.getJwtToken(), id: exportData.id, }, }); diff --git a/server/routes/api/groupMemberships/groupMemberships.test.ts b/server/routes/api/groupMemberships/groupMemberships.test.ts index 55447ff64e..92b96d9f27 100644 --- a/server/routes/api/groupMemberships/groupMemberships.test.ts +++ b/server/routes/api/groupMemberships/groupMemberships.test.ts @@ -41,19 +41,14 @@ describe("groupMemberships.list", () => { createdById: user.id, }); - await server.post("/api/documents.add_group", { + await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, }); - const res = await server.post("/api/groupMemberships.list", { - body: { - token: member.getJwtToken(), - }, - }); + const res = await server.post("/api/groupMemberships.list", member); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).not.toBeFalsy(); @@ -107,20 +102,15 @@ describe("groupMemberships.list", () => { ]); for (const document of documents) { - await server.post("/api/documents.add_group", { + await server.post("/api/documents.add_group", user, { body: { - token: user.getJwtToken(), id: document.id, groupId: group.id, }, }); } - const res = await server.post("/api/groupMemberships.list", { - body: { - token: member.getJwtToken(), - }, - }); + const res = await server.post("/api/groupMemberships.list", member); const body = await res.json(); expect(res.status).toEqual(200); expect(body.pagination).not.toBeFalsy(); diff --git a/server/routes/api/groups/groups.test.ts b/server/routes/api/groups/groups.test.ts index f462a9db43..032a6aae48 100644 --- a/server/routes/api/groups/groups.test.ts +++ b/server/routes/api/groups/groups.test.ts @@ -15,9 +15,8 @@ describe("#groups.create", () => { it("should create a group", async () => { const name = "hello I am a group"; const user = await buildAdmin(); - const res = await server.post("/api/groups.create", { + const res = await server.post("/api/groups.create", user, { body: { - token: user.getJwtToken(), name, externalId: "123", }, @@ -46,9 +45,8 @@ describe("#groups.update", () => { it("should require admin", async () => { const group = await buildGroup(); const user = await buildUser(); - const res = await server.post("/api/groups.update", { + const res = await server.post("/api/groups.update", user, { body: { - token: user.getJwtToken(), id: group.id, name: "Test", }, @@ -59,9 +57,8 @@ describe("#groups.update", () => { it("should require authorization", async () => { const group = await buildGroup(); const user = await buildAdmin(); - const res = await server.post("/api/groups.update", { + const res = await server.post("/api/groups.update", user, { body: { - token: user.getJwtToken(), id: group.id, name: "Test", }, @@ -79,9 +76,8 @@ describe("#groups.update", () => { }); it("allows admin to edit a group", async () => { - const res = await server.post("/api/groups.update", { + const res = await server.post("/api/groups.update", user, { body: { - token: user.getJwtToken(), id: group.id, name: "Test", externalId: "123", @@ -113,9 +109,8 @@ describe("#groups.update", () => { const admin = await buildAdmin({ teamId: user.teamId, }); - await server.post("/api/groups.add_user", { + await server.post("/api/groups.add_user", admin, { body: { - token: admin.getJwtToken(), id: group.id, userId: user.id, permission: "admin", @@ -124,9 +119,8 @@ describe("#groups.update", () => { }); it("allows group admin to edit a group", async () => { - const res = await server.post("/api/groups.update", { + const res = await server.post("/api/groups.update", user, { body: { - token: user.getJwtToken(), id: group.id, name: "Test by Group Admin", }, @@ -147,9 +141,8 @@ describe("#groups.update", () => { }); it("does not create an event if the update is a noop", async () => { - const res = await server.post("/api/groups.update", { + const res = await server.post("/api/groups.update", user, { body: { - token: user.getJwtToken(), id: group.id, name: group.name, }, @@ -171,9 +164,8 @@ describe("#groups.update", () => { teamId: user.teamId, name: "test", }); - const res = await server.post("/api/groups.update", { + const res = await server.post("/api/groups.update", user, { body: { - token: user.getJwtToken(), id: group.id, name: "TEST", }, @@ -203,11 +195,7 @@ describe("#groups.list", () => { createdById: user.id, }, }); - const res = await server.post("/api/groups.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/groups.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.pagination.total).toEqual(1); @@ -239,11 +227,7 @@ describe("#groups.list", () => { }, }); await user.destroy({ hooks: false }); - const res = await server.post("/api/groups.list", { - body: { - token: me.getJwtToken(), - }, - }); + const res = await server.post("/api/groups.list", me); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.groups.length).toEqual(1); @@ -277,11 +261,7 @@ describe("#groups.list", () => { createdById: user.id, }, }); - const res = await server.post("/api/groups.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/groups.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -304,10 +284,9 @@ describe("#groups.list", () => { ).toBe(true); expect(body.policies.length).toEqual(2); - const anotherRes = await server.post("/api/groups.list", { + const anotherRes = await server.post("/api/groups.list", user, { body: { userId: user.id, - token: user.getJwtToken(), }, }); const anotherBody = await anotherRes.json(); @@ -335,10 +314,9 @@ describe("#groups.list", () => { const group = await buildGroup({ teamId: user.teamId }); await buildGroup({ teamId: user.teamId }); - const res = await server.post("/api/groups.list", { + const res = await server.post("/api/groups.list", user, { body: { name: group.name, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -353,10 +331,9 @@ describe("#groups.list", () => { const group = await buildGroup({ teamId: user.teamId, externalId: "123" }); await buildGroup({ teamId: user.teamId }); - const res = await server.post("/api/groups.list", { + const res = await server.post("/api/groups.list", user, { body: { externalId: "123", - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -371,10 +348,9 @@ describe("#groups.list", () => { await buildGroup({ teamId: user.teamId }); await buildGroup({ teamId: user.teamId }); - const res = await server.post("/api/groups.list", { + const res = await server.post("/api/groups.list", user, { body: { limit: 1, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -414,10 +390,9 @@ describe("#groups.list", () => { teamId: otherUser.teamId, }); - const res = await server.post("/api/groups.list", { + const res = await server.post("/api/groups.list", user, { body: { source: authProvider.name, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -433,9 +408,8 @@ describe("#groups.info", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/groups.info", { + const res = await server.post("/api/groups.info", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -450,9 +424,8 @@ describe("#groups.info", () => { teamId: user.teamId, externalId: "456", }); - const res = await server.post("/api/groups.info", { + const res = await server.post("/api/groups.info", user, { body: { - token: user.getJwtToken(), externalId: "456", }, }); @@ -471,9 +444,8 @@ describe("#groups.info", () => { createdById: user.id, }, }); - const res = await server.post("/api/groups.info", { + const res = await server.post("/api/groups.info", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -487,9 +459,8 @@ describe("#groups.info", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/groups.info", { + const res = await server.post("/api/groups.info", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -510,9 +481,8 @@ describe("#groups.info", () => { it("should require authorization", async () => { const user = await buildUser(); const group = await buildGroup(); - const res = await server.post("/api/groups.info", { + const res = await server.post("/api/groups.info", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -536,9 +506,8 @@ describe("#groups.delete", () => { it("should require admin", async () => { const group = await buildGroup(); const user = await buildUser(); - const res = await server.post("/api/groups.delete", { + const res = await server.post("/api/groups.delete", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -548,9 +517,8 @@ describe("#groups.delete", () => { it("should require authorization", async () => { const group = await buildGroup(); const user = await buildAdmin(); - const res = await server.post("/api/groups.delete", { + const res = await server.post("/api/groups.delete", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -562,9 +530,8 @@ describe("#groups.delete", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/groups.delete", { + const res = await server.post("/api/groups.delete", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -585,9 +552,8 @@ describe("#groups.memberships", () => { createdById: user.id, }, }); - const res = await server.post("/api/groups.memberships", { + const res = await server.post("/api/groups.memberships", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -627,9 +593,8 @@ describe("#groups.memberships", () => { }, }); await user3.destroy(); - const res = await server.post("/api/groups.memberships", { + const res = await server.post("/api/groups.memberships", user, { body: { - token: user.getJwtToken(), id: group.id, query: user.name.slice(0, 3), }, @@ -650,9 +615,8 @@ describe("#groups.memberships", () => { it("should require authorization", async () => { const user = await buildUser(); const group = await buildGroup(); - const res = await server.post("/api/groups.memberships", { + const res = await server.post("/api/groups.memberships", user, { body: { - token: user.getJwtToken(), id: group.id, }, }); @@ -666,9 +630,8 @@ describe("#groups.add_user", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/groups.add_user", { + const res = await server.post("/api/groups.add_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: user.id, }, @@ -686,9 +649,8 @@ describe("#groups.add_user", () => { const group = await buildGroup({ teamId: user.teamId, }); - const res = await server.post("/api/groups.add_user", { + const res = await server.post("/api/groups.add_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, permission: GroupPermission.Admin, @@ -712,9 +674,8 @@ describe("#groups.add_user", () => { teamId: user.teamId, }); const anotherUser = await buildUser(); - const res = await server.post("/api/groups.add_user", { + const res = await server.post("/api/groups.add_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, }, @@ -732,9 +693,8 @@ describe("#groups.add_user", () => { const anotherUser = await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/groups.add_user", { + const res = await server.post("/api/groups.add_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, }, @@ -751,18 +711,16 @@ describe("#groups.remove_user", () => { const group = await buildGroup({ teamId: user.teamId, }); - await server.post("/api/groups.add_user", { + await server.post("/api/groups.add_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: user.id, }, }); const users = await group.$get("users"); expect(users.length).toEqual(1); - const res = await server.post("/api/groups.remove_user", { + const res = await server.post("/api/groups.remove_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: user.id, }, @@ -783,9 +741,8 @@ describe("#groups.remove_user", () => { teamId: user.teamId, }); const anotherUser = await buildUser(); - const res = await server.post("/api/groups.remove_user", { + const res = await server.post("/api/groups.remove_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, }, @@ -803,9 +760,8 @@ describe("#groups.remove_user", () => { const anotherUser = await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/groups.remove_user", { + const res = await server.post("/api/groups.remove_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, }, @@ -833,9 +789,8 @@ describe("#groups.update_user", () => { }); // Then update the user to be an admin - const res = await server.post("/api/groups.update_user", { + const res = await server.post("/api/groups.update_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, permission: GroupPermission.Admin, @@ -849,9 +804,8 @@ describe("#groups.update_user", () => { ); // Update the user to not be an admin - const res2 = await server.post("/api/groups.update_user", { + const res2 = await server.post("/api/groups.update_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, permission: "member", @@ -891,9 +845,8 @@ describe("#groups.update_user", () => { }); // Try to update as non-admin - const res = await server.post("/api/groups.update_user", { + const res = await server.post("/api/groups.update_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, permission: GroupPermission.Admin, @@ -912,9 +865,8 @@ describe("#groups.update_user", () => { teamId: user.teamId, }); - const res = await server.post("/api/groups.update_user", { + const res = await server.post("/api/groups.update_user", user, { body: { - token: user.getJwtToken(), id: group.id, userId: anotherUser.id, permission: GroupPermission.Admin, diff --git a/server/routes/api/imports/imports.test.ts b/server/routes/api/imports/imports.test.ts index 202c067a31..5238cb038c 100644 --- a/server/routes/api/imports/imports.test.ts +++ b/server/routes/api/imports/imports.test.ts @@ -37,12 +37,11 @@ describe("#imports.create", () => { }); const input: NotionImportInput = [{ permission: undefined }]; - const res = await server.post("/api/imports.create", { + const res = await server.post("/api/imports.create", admin, { body: { integrationId: integration.id, service: IntegrationService.Notion, input, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -70,12 +69,11 @@ describe("#imports.create", () => { integrationId: integration.id, }); - const res = await server.post("/api/imports.create", { + const res = await server.post("/api/imports.create", admin, { body: { integrationId: integration.id, service: ImportableIntegrationService.Notion, input, - token: admin.getJwtToken(), }, }); @@ -91,11 +89,7 @@ describe("#imports.create", () => { it("should require user to be admin", async () => { const user = await buildUser(); - const res = await server.post("/api/imports.create", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/imports.create", user); expect(res.status).toEqual(403); }); @@ -115,10 +109,9 @@ describe("#imports.list", () => { }), ]); - const res = await server.post("/api/imports.list", { + const res = await server.post("/api/imports.list", admin, { body: { service: IntegrationService.Notion, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -143,11 +136,7 @@ describe("#imports.list", () => { it("should require user to be admin", async () => { const user = await buildUser(); - const res = await server.post("/api/imports.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/imports.list", user); expect(res.status).toEqual(403); }); @@ -161,10 +150,9 @@ describe("#imports.info", () => { teamId: admin.teamId, }); - const res = await server.post("/api/imports.info", { + const res = await server.post("/api/imports.info", admin, { body: { id: importModel.id, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -182,11 +170,7 @@ describe("#imports.info", () => { it("should require user to be admin", async () => { const user = await buildUser(); - const res = await server.post("/api/imports.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/imports.info", user); expect(res.status).toEqual(403); }); @@ -201,10 +185,9 @@ describe("#imports.delete", () => { teamId: admin.teamId, }); - const res = await server.post("/api/imports.delete", { + const res = await server.post("/api/imports.delete", admin, { body: { id: importModel.id, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -221,10 +204,9 @@ describe("#imports.delete", () => { teamId: admin.teamId, }); - const res = await server.post("/api/imports.delete", { + const res = await server.post("/api/imports.delete", admin, { body: { id: importModel.id, - token: admin.getJwtToken(), }, }); @@ -240,11 +222,7 @@ describe("#imports.delete", () => { it("should require user to be admin", async () => { const user = await buildUser(); - const res = await server.post("/api/imports.delete", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/imports.delete", user); expect(res.status).toEqual(403); }); @@ -258,10 +236,9 @@ describe("#imports.cancel", () => { teamId: admin.teamId, }); - const res = await server.post("/api/imports.cancel", { + const res = await server.post("/api/imports.cancel", admin, { body: { id: importModel.id, - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -279,10 +256,9 @@ describe("#imports.cancel", () => { teamId: admin.teamId, }); - const res = await server.post("/api/imports.cancel", { + const res = await server.post("/api/imports.cancel", admin, { body: { id: importModel.id, - token: admin.getJwtToken(), }, }); @@ -298,11 +274,7 @@ describe("#imports.cancel", () => { it("should require user to be admin", async () => { const user = await buildUser(); - const res = await server.post("/api/imports.cancel", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/imports.cancel", user); expect(res.status).toEqual(403); }); diff --git a/server/routes/api/installation/installation.test.ts b/server/routes/api/installation/installation.test.ts index 1fb3f43b65..c2d5a75edb 100644 --- a/server/routes/api/installation/installation.test.ts +++ b/server/routes/api/installation/installation.test.ts @@ -64,11 +64,7 @@ describe("installation.info", () => { it.skip("should return installation information", async () => { const user = await buildUser(); - const res = await server.post("/api/installation.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/installation.info", user); const body = await res.json(); diff --git a/server/routes/api/integrations/integrations.test.ts b/server/routes/api/integrations/integrations.test.ts index 604d2e2721..2c80c516d4 100644 --- a/server/routes/api/integrations/integrations.test.ts +++ b/server/routes/api/integrations/integrations.test.ts @@ -20,10 +20,9 @@ describe("#integrations.update", () => { teamId: team.id, }); - const res = await server.post("/api/integrations.update", { + const res = await server.post("/api/integrations.update", user, { body: { events: ["documents.update"], - token: user.getJwtToken(), id: integration.id, }, }); @@ -38,9 +37,8 @@ describe("#integrations.update", () => { const integration = await buildIntegration({ userId: user.id, }); - const res = await server.post("/api/integrations.update", { + const res = await server.post("/api/integrations.update", user, { body: { - token: user.getJwtToken(), id: integration.id, }, }); @@ -58,9 +56,8 @@ describe("#integrations.update", () => { settings: { url: "https://example.com" }, }); - const res = await server.post("/api/integrations.update", { + const res = await server.post("/api/integrations.update", admin, { body: { - token: admin.getJwtToken(), id: integration.id, settings: { url: "https://foo.bar" }, }, @@ -82,9 +79,8 @@ describe("#integrations.update", () => { settings: { url: "https://example.com" }, }); - const res = await server.post("/api/integrations.update", { + const res = await server.post("/api/integrations.update", admin, { body: { - token: admin.getJwtToken(), id: integration.id, settings: { url: "https://grist.example.com" }, }, @@ -100,9 +96,8 @@ describe("#integrations.create", () => { it("should fail with status 400 bad request for an invalid url value supplied in settings param", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/integrations.create", { + const res = await server.post("/api/integrations.create", admin, { body: { - token: admin.getJwtToken(), type: IntegrationType.Embed, service: IntegrationService.Diagrams, settings: { url: "not a url" }, @@ -116,9 +111,8 @@ describe("#integrations.create", () => { it("should succeed with status 200 ok for an integration without url", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/integrations.create", { + const res = await server.post("/api/integrations.create", admin, { body: { - token: admin.getJwtToken(), type: IntegrationType.Analytics, service: IntegrationService.GoogleAnalytics, settings: { measurementId: "123" }, @@ -135,9 +129,8 @@ describe("#integrations.create", () => { it("should succeed with status 200 ok for an grist integration", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/integrations.create", { + const res = await server.post("/api/integrations.create", admin, { body: { - token: admin.getJwtToken(), type: IntegrationType.Embed, service: IntegrationService.Grist, settings: { url: "https://grist.example.com" }, @@ -171,9 +164,8 @@ describe("#integrations.delete", () => { it("should fail with status 403 unauthorized when the user is not an admin", async () => { const user = await buildUser(); - const res = await server.post("/api/integrations.delete", { + const res = await server.post("/api/integrations.delete", user, { body: { - token: user.getJwtToken(), id: integration.id, }, }); @@ -181,11 +173,7 @@ describe("#integrations.delete", () => { }); it("should fail with status 400 bad request when id is not sent", async () => { - const res = await server.post("/api/integrations.delete", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/integrations.delete", admin); const body = await res.json(); expect(res.status).toEqual(400); @@ -202,9 +190,8 @@ describe("#integrations.delete", () => { service: IntegrationService.Slack, type: IntegrationType.LinkedAccount, }); - const res = await server.post("/api/integrations.delete", { + const res = await server.post("/api/integrations.delete", user, { body: { - token: user.getJwtToken(), id: linkedAccount.id, }, }); @@ -212,9 +199,8 @@ describe("#integrations.delete", () => { }); it("should succeed with status 200 ok when integration is deleted", async () => { - const res = await server.post("/api/integrations.delete", { + const res = await server.post("/api/integrations.delete", admin, { body: { - token: admin.getJwtToken(), id: integration.id, }, }); diff --git a/server/routes/api/middlewares/pagination.test.ts b/server/routes/api/middlewares/pagination.test.ts index 8c930c4fe3..3ff63b0461 100644 --- a/server/routes/api/middlewares/pagination.test.ts +++ b/server/routes/api/middlewares/pagination.test.ts @@ -6,9 +6,8 @@ const server = getTestServer(); describe("#pagination", () => { it("should allow offset and limit", async () => { const user = await buildUser(); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { - token: user.getJwtToken(), limit: 1, offset: 1, }, @@ -18,9 +17,8 @@ describe("#pagination", () => { it("should not allow negative limit", async () => { const user = await buildUser(); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { - token: user.getJwtToken(), limit: -1, }, }); @@ -29,9 +27,8 @@ describe("#pagination", () => { it("should not allow non-integer limit", async () => { const user = await buildUser(); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { - token: user.getJwtToken(), limit: "blah", }, }); @@ -40,9 +37,8 @@ describe("#pagination", () => { it("should not allow negative offset", async () => { const user = await buildUser(); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { - token: user.getJwtToken(), offset: -1, }, }); @@ -51,9 +47,8 @@ describe("#pagination", () => { it("should not allow non-integer offset", async () => { const user = await buildUser(); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { - token: user.getJwtToken(), offset: "blah", }, }); diff --git a/server/routes/api/notifications/notifications.test.ts b/server/routes/api/notifications/notifications.test.ts index 345199cdf3..1bd09095e8 100644 --- a/server/routes/api/notifications/notifications.test.ts +++ b/server/routes/api/notifications/notifications.test.ts @@ -64,11 +64,7 @@ describe("#notifications.list", () => { }), ]); - const res = await server.post("/api/notifications.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/notifications.list", user); const body = await res.json(); expect(res.status).toBe(200); @@ -130,9 +126,8 @@ describe("#notifications.list", () => { }), ]); - const res = await server.post("/api/notifications.list", { + const res = await server.post("/api/notifications.list", user, { body: { - token: user.getJwtToken(), eventType: NotificationEventType.MentionedInComment, }, }); @@ -197,9 +192,8 @@ describe("#notifications.list", () => { }), ]); - const res = await server.post("/api/notifications.list", { + const res = await server.post("/api/notifications.list", user, { body: { - token: user.getJwtToken(), archived: true, }, }); @@ -265,9 +259,8 @@ describe("#notifications.list", () => { }), ]); - const res = await server.post("/api/notifications.list", { + const res = await server.post("/api/notifications.list", user, { body: { - token: user.getJwtToken(), archived: false, }, }); @@ -385,9 +378,8 @@ describe("#notifications.update", () => { expect(notification.viewedAt).toBeNull(); - const res = await server.post("/api/notifications.update", { + const res = await server.post("/api/notifications.update", user, { body: { - token: user.getJwtToken(), id: notification.id, viewedAt: new Date(), }, @@ -425,9 +417,8 @@ describe("#notifications.update", () => { expect(notification.archivedAt).toBeNull(); - const res = await server.post("/api/notifications.update", { + const res = await server.post("/api/notifications.update", user, { body: { - token: user.getJwtToken(), id: notification.id, archivedAt: new Date(), }, @@ -483,11 +474,7 @@ describe("#notifications.update_all", () => { }), ]); - const res = await server.post("/api/notifications.update_all", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/notifications.update_all", user); const body = await res.json(); expect(res.status).toBe(200); expect(body.success).toBe(true); @@ -536,9 +523,8 @@ describe("#notifications.update_all", () => { }), ]); - const res = await server.post("/api/notifications.update_all", { + const res = await server.post("/api/notifications.update_all", user, { body: { - token: user.getJwtToken(), viewedAt: new Date(), }, }); @@ -591,9 +577,8 @@ describe("#notifications.update_all", () => { }), ]); - const res = await server.post("/api/notifications.update_all", { + const res = await server.post("/api/notifications.update_all", user, { body: { - token: user.getJwtToken(), viewedAt: null, }, }); @@ -645,9 +630,8 @@ describe("#notifications.update_all", () => { }), ]); - const res = await server.post("/api/notifications.update_all", { + const res = await server.post("/api/notifications.update_all", user, { body: { - token: user.getJwtToken(), archivedAt: new Date(), }, }); @@ -700,9 +684,8 @@ describe("#notifications.update_all", () => { }), ]); - const res = await server.post("/api/notifications.update_all", { + const res = await server.post("/api/notifications.update_all", user, { body: { - token: user.getJwtToken(), archivedAt: null, }, }); diff --git a/server/routes/api/oauthAuthentications/oauthAuthentications.test.ts b/server/routes/api/oauthAuthentications/oauthAuthentications.test.ts index 465ea5a80f..4274fa9d67 100644 --- a/server/routes/api/oauthAuthentications/oauthAuthentications.test.ts +++ b/server/routes/api/oauthAuthentications/oauthAuthentications.test.ts @@ -32,11 +32,7 @@ describe("oauthAuthentications.list", () => { scope: ["read"], }); - const res = await server.post("/api/oauthAuthentications.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/oauthAuthentications.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -63,11 +59,7 @@ describe("oauthAuthentications.list", () => { scope: ["read"], }); - const res = await server.post("/api/oauthAuthentications.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/oauthAuthentications.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -87,9 +79,8 @@ describe("oauthAuthentications.delete", () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/oauthAuthentications.delete", { + const res = await server.post("/api/oauthAuthentications.delete", user, { body: { - token: user.getJwtToken(), oauthClientId: "", }, }); @@ -113,9 +104,8 @@ describe("oauthAuthentications.delete", () => { scope: ["read"], }); - const res = await server.post("/api/oauthAuthentications.delete", { + const res = await server.post("/api/oauthAuthentications.delete", user, { body: { - token: user.getJwtToken(), oauthClientId: oauthClient.id, }, }); @@ -154,9 +144,8 @@ describe("oauthAuthentications.delete", () => { scope: ["write"], }); - const res = await server.post("/api/oauthAuthentications.delete", { + const res = await server.post("/api/oauthAuthentications.delete", user, { body: { - token: user.getJwtToken(), oauthClientId: oauthClient.id, scope: ["read"], }, @@ -193,9 +182,8 @@ describe("oauthAuthentications.delete", () => { scope: ["read"], }); - await server.post("/api/oauthAuthentications.delete", { + await server.post("/api/oauthAuthentications.delete", user, { body: { - token: user.getJwtToken(), oauthClientId: oauthClient.id, scope: "read", }, diff --git a/server/routes/api/oauthClients/oauthClients.test.ts b/server/routes/api/oauthClients/oauthClients.test.ts index b15f0bc693..743423d4ac 100644 --- a/server/routes/api/oauthClients/oauthClients.test.ts +++ b/server/routes/api/oauthClients/oauthClients.test.ts @@ -41,11 +41,7 @@ describe("oauthClients.list", () => { published: false, }); - const res = await server.post("/api/oauthClients.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/oauthClients.list", admin); const body = await res.json(); expect(res.status).toEqual(200); @@ -78,9 +74,8 @@ describe("oauthClients.info", () => { redirectUris: ["https://example.com/callback"], }); - const res = await server.post("/api/oauthClients.info", { + const res = await server.post("/api/oauthClients.info", user, { body: { - token: user.getJwtToken(), id: client.id, }, }); @@ -105,9 +100,8 @@ describe("oauthClients.info", () => { redirectUris: ["https://example.com/callback"], }); - const res = await server.post("/api/oauthClients.info", { + const res = await server.post("/api/oauthClients.info", user, { body: { - token: user.getJwtToken(), id: client.id, }, }); @@ -132,9 +126,8 @@ describe("oauthClients.info", () => { published: true, }); - const res = await server.post("/api/oauthClients.info", { + const res = await server.post("/api/oauthClients.info", user, { body: { - token: user.getJwtToken(), id: client.id, }, }); @@ -160,9 +153,8 @@ describe("oauthClients.info", () => { published: true, }); - const res = await server.post("/api/oauthClients.info", { + const res = await server.post("/api/oauthClients.info", user, { body: { - token: user.getJwtToken(), clientId: client.clientId, }, }); @@ -192,9 +184,8 @@ describe("oauthClients.info", () => { }); // Test with valid redirectUri - const validRes = await server.post("/api/oauthClients.info", { + const validRes = await server.post("/api/oauthClients.info", user, { body: { - token: user.getJwtToken(), clientId: client.clientId, redirectUri: "https://example.com/callback", }, @@ -205,9 +196,8 @@ describe("oauthClients.info", () => { expect(validBody.data.name).toEqual("Test Client"); // Test with invalid redirectUri - const invalidRes = await server.post("/api/oauthClients.info", { + const invalidRes = await server.post("/api/oauthClients.info", user, { body: { - token: user.getJwtToken(), clientId: client.clientId, redirectUri: "https://malicious.com/callback", }, @@ -228,9 +218,8 @@ describe("oauthClients.create", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/oauthClients.create", { + const res = await server.post("/api/oauthClients.create", admin, { body: { - token: admin.getJwtToken(), name: "Test Client", redirectUris: ["https://example.com/callback"], }, @@ -264,9 +253,8 @@ describe("oauthclients.update", () => { published: true, }); - const res = await server.post("/api/oauthClients.update", { + const res = await server.post("/api/oauthClients.update", admin, { body: { - token: admin.getJwtToken(), id: client.id, published: false, name: "Renamed", @@ -301,9 +289,8 @@ describe("oauthClients.rotate_secret", () => { const originalSecret = client.clientSecret; - const res = await server.post("/api/oauthClients.rotate_secret", { + const res = await server.post("/api/oauthClients.rotate_secret", admin, { body: { - token: admin.getJwtToken(), id: client.id, }, }); @@ -335,9 +322,8 @@ describe("oauthClients.delete", () => { redirectUris: ["https://example.com/callback"], }); - const res = await server.post("/api/oauthClients.delete", { + const res = await server.post("/api/oauthClients.delete", admin, { body: { - token: admin.getJwtToken(), id: client.id, }, }); diff --git a/server/routes/api/pins/pins.test.ts b/server/routes/api/pins/pins.test.ts index 94ef783af0..fb17ec7607 100644 --- a/server/routes/api/pins/pins.test.ts +++ b/server/routes/api/pins/pins.test.ts @@ -47,20 +47,15 @@ describe("#pins.create", () => { }); it("should fail with status 400 bad request when documentId is not suppled", async () => { - const res = await server.post("/api/pins.create", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/pins.create", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("documentId: required"); }); it("should fail with status 400 bad request when documentId is invalid", async () => { - const res = await server.post("/api/pins.create", { + const res = await server.post("/api/pins.create", user, { body: { - token: user.getJwtToken(), documentId: "foo", }, }); @@ -70,9 +65,8 @@ describe("#pins.create", () => { }); it("should fail with status 400 bad request when index is invalid", async () => { - const res = await server.post("/api/pins.create", { + const res = await server.post("/api/pins.create", user, { body: { - token: user.getJwtToken(), documentId: "foo1234567", index: "😀", }, @@ -83,9 +77,8 @@ describe("#pins.create", () => { }); it("should fail with status 403 forbidden when user is disallowed to read the document", async () => { - const res = await server.post("/api/pins.create", { + const res = await server.post("/api/pins.create", anotherUser, { body: { - token: anotherUser.getJwtToken(), documentId: document.id, }, }); @@ -95,9 +88,8 @@ describe("#pins.create", () => { }); it("should fail with status 403 forbidden when user is disallowed to update the collection", async () => { - const res = await server.post("/api/pins.create", { + const res = await server.post("/api/pins.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, collectionId: collection.id, }, @@ -113,9 +105,8 @@ describe("#pins.create", () => { teamId: admin.teamId, collectionId: collection.id, }); - const res = await server.post("/api/pins.create", { + const res = await server.post("/api/pins.create", admin, { body: { - token: admin.getJwtToken(), // A draft document cannot be pinned, neither by a member nor by an admin documentId: draft.id, collectionId: collection.id, @@ -127,9 +118,8 @@ describe("#pins.create", () => { }); it("should fail with status 403 forbidden when user is disallowed to pin the document to home page", async () => { - const res = await server.post("/api/pins.create", { + const res = await server.post("/api/pins.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -139,9 +129,8 @@ describe("#pins.create", () => { }); it("should succeed with status 200 ok when user is allowed to pin", async () => { - const res = await server.post("/api/pins.create", { + const res = await server.post("/api/pins.create", admin, { body: { - token: admin.getJwtToken(), documentId: document.id, }, }); @@ -153,9 +142,8 @@ describe("#pins.create", () => { }); it("should succeed with status 200 ok when valid collectionId is supplied", async () => { - const res = await server.post("/api/pins.create", { + const res = await server.post("/api/pins.create", admin, { body: { - token: admin.getJwtToken(), documentId: document.id, collectionId: collection.id, }, @@ -176,16 +164,14 @@ describe("#pins.info", () => { teamId: admin.teamId, }); - await server.post("/api/pins.create", { + await server.post("/api/pins.create", admin, { body: { - token: admin.getJwtToken(), documentId: document.id, }, }); - const res = await server.post("/api/pins.info", { + const res = await server.post("/api/pins.info", admin, { body: { - token: admin.getJwtToken(), documentId: document.id, }, }); @@ -204,17 +190,15 @@ describe("#pins.info", () => { teamId: user.teamId, }); - await server.post("/api/pins.create", { + await server.post("/api/pins.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, collectionId: document.collectionId, }, }); - const res = await server.post("/api/pins.info", { + const res = await server.post("/api/pins.info", user, { body: { - token: user.getJwtToken(), documentId: document.id, collectionId: document.collectionId, }, @@ -234,9 +218,8 @@ describe("#pins.info", () => { teamId: user.teamId, }); - const res = await server.post("/api/pins.info", { + const res = await server.post("/api/pins.info", user, { body: { - token: user.getJwtToken(), documentId: document.id, collectionId: null, }, @@ -292,11 +275,7 @@ describe("#pins.list", () => { }); it("should succeed with status 200 ok returning pinned documents", async () => { - const res = await server.post("/api/pins.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/pins.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toBeTruthy(); @@ -311,9 +290,8 @@ describe("#pins.list", () => { }); it("should succeed with status 200 ok returning pinned documents filtered by collectionId supplied", async () => { - const res = await server.post("/api/pins.list", { + const res = await server.post("/api/pins.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, }, }); @@ -345,9 +323,8 @@ describe("#pins.list", () => { // Create a user on the same team but without access to the private collection const teamMember = await buildUser({ teamId: otherUser.teamId }); - const res = await server.post("/api/pins.list", { + const res = await server.post("/api/pins.list", teamMember, { body: { - token: teamMember.getJwtToken(), collectionId: privateCollection.id, }, }); @@ -372,9 +349,8 @@ describe("#pins.list", () => { teamId: user.teamId, }); - const res = await server.post("/api/pins.list", { + const res = await server.post("/api/pins.list", user, { body: { - token: user.getJwtToken(), collectionId: collectionWithPins.id, }, }); @@ -387,9 +363,8 @@ describe("#pins.list", () => { }); it("should fail with status 403 forbidden when collection does not exist", async () => { - const res = await server.post("/api/pins.list", { + const res = await server.post("/api/pins.list", user, { body: { - token: user.getJwtToken(), collectionId: "00000000-0000-0000-0000-000000000000", }, }); @@ -437,11 +412,7 @@ describe("#pins.update", () => { }); it("should fail with status 400 bad request when id is missing", async () => { - const res = await server.post("/api/pins.update", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/pins.update", admin); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -450,9 +421,8 @@ describe("#pins.update", () => { }); it("should fail with status 400 bad request when index is missing", async () => { - const res = await server.post("/api/pins.update", { + const res = await server.post("/api/pins.update", admin, { body: { - token: admin.getJwtToken(), id: pin.id, }, }); @@ -464,9 +434,8 @@ describe("#pins.update", () => { }); it("should fail with status 400 bad request when an invalid index is sent", async () => { - const res = await server.post("/api/pins.update", { + const res = await server.post("/api/pins.update", admin, { body: { - token: admin.getJwtToken(), id: pin.id, index: "😀", }, @@ -477,9 +446,8 @@ describe("#pins.update", () => { }); it("should fail with status 403 forbidden when user is disallowed to update the pin", async () => { - const res = await server.post("/api/pins.update", { + const res = await server.post("/api/pins.update", user, { body: { - token: user.getJwtToken(), id: pin.id, index: "b", }, @@ -490,9 +458,8 @@ describe("#pins.update", () => { }); it("should succeed with status 200 ok and when user is allowed to update the pin", async () => { - const res = await server.post("/api/pins.update", { + const res = await server.post("/api/pins.update", admin, { body: { - token: admin.getJwtToken(), id: pin.id, index: "b", }, @@ -527,11 +494,7 @@ describe("#pins.delete", () => { }); it("should fail with status 400 bad request when id is missing", async () => { - const res = await server.post("/api/pins.delete", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/pins.delete", admin); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -543,9 +506,8 @@ describe("#pins.delete", () => { const user = await buildUser({ teamId: admin.teamId, }); - const res = await server.post("/api/pins.delete", { + const res = await server.post("/api/pins.delete", user, { body: { - token: user.getJwtToken(), id: pin.id, }, }); @@ -555,9 +517,8 @@ describe("#pins.delete", () => { }); it("should succeed with status 200 ok when user is allowed to delete the pin", async () => { - const res = await server.post("/api/pins.delete", { + const res = await server.post("/api/pins.delete", admin, { body: { - token: admin.getJwtToken(), id: pin.id, }, }); diff --git a/server/routes/api/reactions/reactions.test.ts b/server/routes/api/reactions/reactions.test.ts index 4439ba9d7d..8f5a671e6b 100644 --- a/server/routes/api/reactions/reactions.test.ts +++ b/server/routes/api/reactions/reactions.test.ts @@ -33,9 +33,8 @@ describe("#reactions.list", () => { { emoji: "😅", commentId: comment.id, userId: user.id }, ]); - const res = await server.post("/api/reactions.list", { + const res = await server.post("/api/reactions.list", user, { body: { - token: user.getJwtToken(), commentId: comment.id, }, }); diff --git a/server/routes/api/relationships/relationships.test.ts b/server/routes/api/relationships/relationships.test.ts index a1207e703f..e9353ec689 100644 --- a/server/routes/api/relationships/relationships.test.ts +++ b/server/routes/api/relationships/relationships.test.ts @@ -55,11 +55,7 @@ describe("#relationships.info", () => { }); it("should fail with status 400 bad request when id is not supplied", async () => { - const res = await server.post("/api/relationships.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/relationships.info", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -68,9 +64,8 @@ describe("#relationships.info", () => { }); it("should fail with status 400 bad request when id is not a valid UUID", async () => { - const res = await server.post("/api/relationships.info", { + const res = await server.post("/api/relationships.info", user, { body: { - token: user.getJwtToken(), id: "invalid-uuid", }, }); @@ -80,9 +75,8 @@ describe("#relationships.info", () => { }); it("should fail with status 404 not found when relationship does not exist", async () => { - const res = await server.post("/api/relationships.info", { + const res = await server.post("/api/relationships.info", admin, { body: { - token: admin.getJwtToken(), id: "550e8400-e29b-41d4-a716-446655440000", }, }); @@ -92,9 +86,8 @@ describe("#relationships.info", () => { }); it("should fail with status 403 forbidden when user cannot read the document", async () => { - const res = await server.post("/api/relationships.info", { + const res = await server.post("/api/relationships.info", anotherUser, { body: { - token: anotherUser.getJwtToken(), id: relationship.id, }, }); @@ -104,9 +97,8 @@ describe("#relationships.info", () => { }); it("should succeed with status 200 ok when user can read the document", async () => { - const res = await server.post("/api/relationships.info", { + const res = await server.post("/api/relationships.info", admin, { body: { - token: admin.getJwtToken(), id: relationship.id, }, }); @@ -143,9 +135,8 @@ describe("#relationships.info", () => { reverseDocumentId: adminDocument.id, }); - const res = await server.post("/api/relationships.info", { + const res = await server.post("/api/relationships.info", user, { body: { - token: user.getJwtToken(), id: userRelationship.id, }, }); @@ -165,9 +156,8 @@ describe("#relationships.info", () => { // Make user team member so they can read both documents const teamUser = await buildUser({ teamId: admin.teamId }); - const res = await server.post("/api/relationships.info", { + const res = await server.post("/api/relationships.info", teamUser, { body: { - token: teamUser.getJwtToken(), id: relationship.id, }, }); @@ -243,11 +233,7 @@ describe("#relationships.list", () => { }); it("should succeed with status 200 ok returning all relationships", async () => { - const res = await server.post("/api/relationships.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/relationships.list", admin); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toBeTruthy(); @@ -259,9 +245,8 @@ describe("#relationships.list", () => { }); it("should succeed with status 200 ok returning relationships filtered by type", async () => { - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", admin, { body: { - token: admin.getJwtToken(), type: RelationshipType.Backlink, }, }); @@ -277,9 +262,8 @@ describe("#relationships.list", () => { }); it("should succeed with status 200 ok returning relationships filtered by documentId", async () => { - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", admin, { body: { - token: admin.getJwtToken(), documentId: documents[0].id, }, }); @@ -295,9 +279,8 @@ describe("#relationships.list", () => { }); it("should succeed with status 200 ok returning relationships filtered by reverseDocumentId", async () => { - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", admin, { body: { - token: admin.getJwtToken(), reverseDocumentId: documents[1].id, }, }); @@ -313,9 +296,8 @@ describe("#relationships.list", () => { }); it("should succeed with status 200 ok returning relationships with multiple filters", async () => { - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", admin, { body: { - token: admin.getJwtToken(), type: RelationshipType.Backlink, documentId: documents[0].id, }, @@ -335,9 +317,8 @@ describe("#relationships.list", () => { }); it("should fail with status 400 bad request when documentId is invalid", async () => { - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", admin, { body: { - token: admin.getJwtToken(), documentId: "invalid-id", }, }); @@ -345,9 +326,8 @@ describe("#relationships.list", () => { }); it("should fail with status 400 bad request when reverseDocumentId is invalid", async () => { - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", admin, { body: { - token: admin.getJwtToken(), reverseDocumentId: "invalid-id", }, }); @@ -357,9 +337,8 @@ describe("#relationships.list", () => { }); it("should respect pagination", async () => { - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", admin, { body: { - token: admin.getJwtToken(), limit: 1, offset: 0, }, @@ -373,9 +352,8 @@ describe("#relationships.list", () => { }); it("should return empty results when no relationships match filters", async () => { - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", admin, { body: { - token: admin.getJwtToken(), documentId: "550e8400-e29b-41d4-a716-446655440000", }, }); @@ -411,9 +389,8 @@ describe("#relationships.list", () => { reverseDocumentId: cannotAccessDocument.id, }); - const res = await server.post("/api/relationships.list", { + const res = await server.post("/api/relationships.list", user, { body: { - token: user.getJwtToken(), documentId: userDocument.id, }, }); diff --git a/server/routes/api/revisions/revisions.test.ts b/server/routes/api/revisions/revisions.test.ts index 4588f081ae..00254261ce 100644 --- a/server/routes/api/revisions/revisions.test.ts +++ b/server/routes/api/revisions/revisions.test.ts @@ -21,9 +21,8 @@ describe("#revisions.info", () => { createContext({ user }), document ); - const res = await server.post("/api/revisions.info", { + const res = await server.post("/api/revisions.info", user, { body: { - token: user.getJwtToken(), id: revision.id, }, }); @@ -44,9 +43,8 @@ describe("#revisions.info", () => { document ); const user = await buildUser(); - const res = await server.post("/api/revisions.info", { + const res = await server.post("/api/revisions.info", user, { body: { - token: user.getJwtToken(), id: revision.id, }, }); @@ -66,9 +64,8 @@ describe("#revisions.update", () => { document ); - const res = await server.post("/api/revisions.update", { + const res = await server.post("/api/revisions.update", user, { body: { - token: user.getJwtToken(), id: revision.id, name: "new name", }, @@ -89,9 +86,8 @@ describe("#revisions.update", () => { document ); - const res = await server.post("/api/revisions.update", { + const res = await server.post("/api/revisions.update", user, { body: { - token: user.getJwtToken(), id: revision.id, name: null, }, @@ -112,9 +108,8 @@ describe("#revisions.update", () => { document ); - const res = await server.post("/api/revisions.update", { + const res = await server.post("/api/revisions.update", user, { body: { - token: user.getJwtToken(), id: revision.id, name: "", }, @@ -133,9 +128,8 @@ describe("#revisions.update", () => { document ); - const res = await server.post("/api/revisions.update", { + const res = await server.post("/api/revisions.update", admin, { body: { - token: admin.getJwtToken(), id: revision.id, name: "new name", }, @@ -156,9 +150,8 @@ describe("#revisions.update", () => { document ); const user = await buildUser(); - const res = await server.post("/api/revisions.update", { + const res = await server.post("/api/revisions.update", user, { body: { - token: user.getJwtToken(), id: revision.id, name: "new name", }, @@ -175,9 +168,8 @@ describe("#revisions.list", () => { teamId: user.teamId, }); await Revision.createFromDocument(createContext({ user }), document); - const res = await server.post("/api/revisions.list", { + const res = await server.post("/api/revisions.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -208,9 +200,8 @@ describe("#revisions.list", () => { collectionId: collection.id, }, }); - const res = await server.post("/api/revisions.list", { + const res = await server.post("/api/revisions.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -220,9 +211,8 @@ describe("#revisions.list", () => { it("should require authorization", async () => { const document = await buildDocument(); const user = await buildUser(); - const res = await server.post("/api/revisions.list", { + const res = await server.post("/api/revisions.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -241,9 +231,8 @@ describe("#revisions.export", () => { createContext({ user }), document ); - const res = await server.post("/api/revisions.export", { + const res = await server.post("/api/revisions.export", user, { body: { - token: user.getJwtToken(), id: revision.id, }, }); @@ -262,9 +251,8 @@ describe("#revisions.export", () => { createContext({ user }), document ); - const res = await server.post("/api/revisions.export", { + const res = await server.post("/api/revisions.export", user, { body: { - token: user.getJwtToken(), id: revision.id, }, headers: { @@ -286,9 +274,8 @@ describe("#revisions.export", () => { createContext({ user }), document ); - const res = await server.post("/api/revisions.export", { + const res = await server.post("/api/revisions.export", user, { body: { - token: user.getJwtToken(), id: revision.id, }, headers: { @@ -330,9 +317,8 @@ describe("#revisions.export", () => { document ); const user = await buildUser(); - const res = await server.post("/api/revisions.export", { + const res = await server.post("/api/revisions.export", user, { body: { - token: user.getJwtToken(), id: revision.id, }, }); diff --git a/server/routes/api/searches/searches.test.ts b/server/routes/api/searches/searches.test.ts index 38a24484d1..3dacdacba3 100644 --- a/server/routes/api/searches/searches.test.ts +++ b/server/routes/api/searches/searches.test.ts @@ -31,11 +31,7 @@ describe("#searches.list", () => { }); it("should succeed with status 200 ok returning results", async () => { - const res = await server.post("/api/searches.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/searches.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(3); @@ -46,9 +42,8 @@ describe("#searches.list", () => { }); it("should allow filtering by source", async () => { - const res = await server.post("/api/searches.list", { + const res = await server.post("/api/searches.list", user, { body: { - token: user.getJwtToken(), source: "api", }, }); @@ -72,9 +67,8 @@ describe("#searches.update", () => { }); it("should fail with status 400 bad request when an invalid id is provided", async () => { - const res = await server.post("/api/searches.update", { + const res = await server.post("/api/searches.update", user, { body: { - token: user.getJwtToken(), id: "id", score: 1, }, @@ -83,9 +77,8 @@ describe("#searches.update", () => { }); it("should fail with status 400 bad request when an invalid score is provided", async () => { - const res = await server.post("/api/searches.update", { + const res = await server.post("/api/searches.update", user, { body: { - token: user.getJwtToken(), id: searchQuery.id, score: 2, }, @@ -94,9 +87,8 @@ describe("#searches.update", () => { }); it("should succeed with status 200 ok and successfully update the query", async () => { - const res = await server.post("/api/searches.update", { + const res = await server.post("/api/searches.update", user, { body: { - token: user.getJwtToken(), id: searchQuery.id, score: 1, }, @@ -123,11 +115,7 @@ describe("#searches.delete", () => { }); it("should fail with status 400 bad request when no id or query is provided", async () => { - const res = await server.post("/api/searches.delete", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/searches.delete", user); const body = await res.json(); expect(res.status).toEqual(400); @@ -135,9 +123,8 @@ describe("#searches.delete", () => { }); it("should fail with status 400 bad request when an invalid id is provided", async () => { - const res = await server.post("/api/searches.delete", { + const res = await server.post("/api/searches.delete", user, { body: { - token: user.getJwtToken(), id: "id", }, }); @@ -156,9 +143,8 @@ describe("#searches.delete", () => { }); expect(searchQueries).toHaveLength(1); - const res = await server.post("/api/searches.delete", { + const res = await server.post("/api/searches.delete", user, { body: { - token: user.getJwtToken(), id: searchQuery.id, }, }); diff --git a/server/routes/api/shares/shares.test.ts b/server/routes/api/shares/shares.test.ts index 91be73380c..6ce258bfe8 100644 --- a/server/routes/api/shares/shares.test.ts +++ b/server/routes/api/shares/shares.test.ts @@ -19,9 +19,8 @@ const server = getTestServer(); describe("#shares.list", () => { it("should fail with status 400 bad request when an invalid sort value is suppled", async () => { const user = await buildUser(); - const res = await server.post("/api/shares.list", { + const res = await server.post("/api/shares.list", user, { body: { - token: user.getJwtToken(), sort: "foo", }, }); @@ -47,11 +46,7 @@ describe("#shares.list", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -71,9 +66,8 @@ describe("#shares.list", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.list", { + const res = await server.post("/api/shares.list", user, { body: { - token: user.getJwtToken(), query: "test", }, }); @@ -98,9 +92,8 @@ describe("#shares.list", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.list", { + const res = await server.post("/api/shares.list", user, { body: { - token: user.getJwtToken(), query: "test", }, }); @@ -123,11 +116,7 @@ describe("#shares.list", () => { userId: user.id, }); await share.revoke(createContext({ user })); - const res = await server.post("/api/shares.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -145,11 +134,7 @@ describe("#shares.list", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -167,11 +152,7 @@ describe("#shares.list", () => { userId: user.id, }); await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx)); - const res = await server.post("/api/shares.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.list", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -187,11 +168,7 @@ describe("#shares.list", () => { teamId: admin.teamId, userId: user.id, }); - const res = await server.post("/api/shares.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.list", admin); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(1); @@ -219,11 +196,7 @@ describe("#shares.list", () => { }); collection.permission = null; await collection.save(); - const res = await server.post("/api/shares.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.list", admin); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.length).toEqual(0); @@ -240,11 +213,7 @@ describe("#shares.list", () => { describe("#shares.create", () => { it("should fail with status 400 bad request when both documentId and collectionId are missing", async () => { const user = await buildUser(); - const res = await server.post("/api/shares.create", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.create", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -254,9 +223,8 @@ describe("#shares.create", () => { it("should fail with status 400 bad request when documentId is invalid", async () => { const user = await buildUser(); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: "foo", }, }); @@ -271,9 +239,8 @@ describe("#shares.create", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, }, }); @@ -289,9 +256,8 @@ describe("#shares.create", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -307,9 +273,8 @@ describe("#shares.create", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, includeChildDocuments: true, published: true, @@ -330,9 +295,8 @@ describe("#shares.create", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, published: true, }, @@ -349,9 +313,8 @@ describe("#shares.create", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, published: true, allowIndexing: false, @@ -392,9 +355,8 @@ describe("#shares.create", () => { }, } ); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, published: true, }, @@ -428,17 +390,15 @@ describe("#shares.create", () => { }, } ); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); const body = await res.json(); expect(res.status).toEqual(200); - const response = await server.post("/api/shares.update", { + const response = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: body.data.id, published: true, }, @@ -458,9 +418,8 @@ describe("#shares.create", () => { userId: user.id, }); await share.revoke(createContext({ user })); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -481,9 +440,8 @@ describe("#shares.create", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -499,17 +457,15 @@ describe("#shares.create", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); const body = await res.json(); expect(res.status).toEqual(200); - const response = await server.post("/api/shares.update", { + const response = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: body.data.id, published: true, }, @@ -529,17 +485,15 @@ describe("#shares.create", () => { collectionId: collection.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); const body = await res.json(); expect(res.status).toEqual(200); - const response = await server.post("/api/shares.update", { + const response = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: body.data.id, published: true, }, @@ -562,9 +516,8 @@ describe("#shares.create", () => { it("should require authorization", async () => { const document = await buildDocument(); const user = await buildUser(); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -575,9 +528,8 @@ describe("#shares.create", () => { const user = await buildUser(); const otherDocument = await buildDocument(); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: otherDocument.id, }, }); @@ -588,9 +540,8 @@ describe("#shares.create", () => { const user = await buildUser(); const otherDocument = await buildDocument(); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), documentId: otherDocument.id, published: true, }, @@ -602,9 +553,8 @@ describe("#shares.create", () => { const user = await buildUser(); const otherCollection = await buildCollection(); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), collectionId: otherCollection.id, }, }); @@ -622,9 +572,8 @@ describe("#shares.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, documentId: document.id, }, @@ -643,9 +592,8 @@ describe("#shares.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/shares.create", { + const res = await server.post("/api/shares.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, documentId: document.id, published: true, @@ -658,11 +606,7 @@ describe("#shares.create", () => { describe("#shares.info", () => { it("should fail with status 400 bad request when id, collectionId and documentId are missing", async () => { const user = await buildUser(); - const res = await server.post("/api/shares.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.info", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -672,9 +616,8 @@ describe("#shares.info", () => { it("should fail with status 400 bad request when documentId is invalid", async () => { const user = await buildUser(); - const res = await server.post("/api/shares.info", { + const res = await server.post("/api/shares.info", user, { body: { - token: user.getJwtToken(), documentId: "foo", }, }); @@ -702,9 +645,8 @@ describe("#shares.info", () => { teamId: admin.teamId, userId: admin.id, }); - const res = await server.post("/api/shares.info", { + const res = await server.post("/api/shares.info", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -722,9 +664,8 @@ describe("#shares.info", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.info", { + const res = await server.post("/api/shares.info", user, { body: { - token: user.getJwtToken(), id: share.id, }, }); @@ -747,9 +688,8 @@ describe("#shares.info", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.info", { + const res = await server.post("/api/shares.info", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -765,9 +705,8 @@ describe("#shares.info", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.info", { + const res = await server.post("/api/shares.info", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -803,9 +742,8 @@ describe("#shares.info", () => { }); await collection.reload(); await collection.addDocumentToStructure(childDocument, 0); - const res = await server.post("/api/shares.info", { + const res = await server.post("/api/shares.info", user, { body: { - token: user.getJwtToken(), documentId: childDocument.id, }, }); @@ -852,9 +790,8 @@ describe("#shares.info", () => { userId: user.id, }); await collection.addDocumentToStructure(childDocument, 0); - const res = await server.post("/api/shares.info", { + const res = await server.post("/api/shares.info", user, { body: { - token: user.getJwtToken(), documentId: childDocument.id, }, }); @@ -897,9 +834,8 @@ describe("#shares.info", () => { }); await collection.reload(); await collection.addDocumentToStructure(childDocument, 0); - const res = await server.post("/api/shares.info", { + const res = await server.post("/api/shares.info", user, { body: { - token: user.getJwtToken(), documentId: childDocument.id, }, }); @@ -928,9 +864,8 @@ describe("#shares.update", () => { documentId: document.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, urlId: "url_id", }, @@ -944,9 +879,8 @@ describe("#shares.update", () => { it("should fail with status 400 bad request when id is missing", async () => { const user = await buildUser(); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), urlId: "url-id", }, }); @@ -967,9 +901,8 @@ describe("#shares.update", () => { documentId: document.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, urlId: "url-id", }, @@ -989,17 +922,15 @@ describe("#shares.update", () => { documentId: document.id, teamId: user.teamId, }); - await server.post("/api/shares.update", { + await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, urlId: "url-id", }, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, urlId: null, }, @@ -1019,9 +950,8 @@ describe("#shares.update", () => { documentId: document.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, title: "Custom Title", iconUrl: "https://example.com/icon.png", @@ -1045,9 +975,8 @@ describe("#shares.update", () => { title: "Custom Title", iconUrl: "https://example.com/icon.png", }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, title: null, iconUrl: null, @@ -1070,9 +999,8 @@ describe("#shares.update", () => { teamId: user.teamId, title: "Custom Title", }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, title: "", }, @@ -1092,9 +1020,8 @@ describe("#shares.update", () => { documentId: document.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, iconUrl: "/uploads/icon.png", }, @@ -1114,9 +1041,8 @@ describe("#shares.update", () => { documentId: document.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, iconUrl: "not a url", }, @@ -1134,9 +1060,8 @@ describe("#shares.update", () => { documentId: document.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, iconUrl: "javascript:alert(1)", }, @@ -1154,9 +1079,8 @@ describe("#shares.update", () => { documentId: document.id, teamId: user.teamId, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, published: true, }, @@ -1178,9 +1102,8 @@ describe("#shares.update", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, published: true, }, @@ -1201,9 +1124,8 @@ describe("#shares.update", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", admin, { body: { - token: admin.getJwtToken(), id: share.id, published: true, }, @@ -1246,9 +1168,8 @@ describe("#shares.update", () => { teamId: admin.teamId, userId: admin.id, }); - const res = await server.post("/api/shares.update", { + const res = await server.post("/api/shares.update", user, { body: { - token: user.getJwtToken(), id: share.id, published: true, }, @@ -1260,11 +1181,7 @@ describe("#shares.update", () => { describe("#shares.revoke", () => { it("should fail with status 400 bad request when id is missing", async () => { const user = await buildUser(); - const res = await server.post("/api/shares.revoke", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/shares.revoke", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -1283,9 +1200,8 @@ describe("#shares.revoke", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.revoke", { + const res = await server.post("/api/shares.revoke", user, { body: { - token: user.getJwtToken(), id: share.id, }, }); @@ -1303,9 +1219,8 @@ describe("#shares.revoke", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.revoke", { + const res = await server.post("/api/shares.revoke", user, { body: { - token: user.getJwtToken(), id: share.id, }, }); @@ -1324,9 +1239,8 @@ describe("#shares.revoke", () => { userId: user.id, }); await withAPIContext(user, (ctx) => document.destroyWithCtx(ctx)); - const res = await server.post("/api/shares.revoke", { + const res = await server.post("/api/shares.revoke", user, { body: { - token: user.getJwtToken(), id: share.id, }, }); @@ -1343,9 +1257,8 @@ describe("#shares.revoke", () => { teamId: user.teamId, userId: user.id, }); - const res = await server.post("/api/shares.revoke", { + const res = await server.post("/api/shares.revoke", admin, { body: { - token: admin.getJwtToken(), id: share.id, }, }); @@ -1383,9 +1296,8 @@ describe("#shares.revoke", () => { teamId: admin.teamId, userId: admin.id, }); - const res = await server.post("/api/shares.revoke", { + const res = await server.post("/api/shares.revoke", user, { body: { - token: user.getJwtToken(), id: share.id, }, }); diff --git a/server/routes/api/stars/stars.test.ts b/server/routes/api/stars/stars.test.ts index a3b1b5e948..d659c043dc 100644 --- a/server/routes/api/stars/stars.test.ts +++ b/server/routes/api/stars/stars.test.ts @@ -7,11 +7,7 @@ describe("#stars.create", () => { it("should fail with status 400 bad request when both documentId and collectionId are missing", async () => { const user = await buildUser(); - const res = await server.post("/api/stars.create", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/stars.create", user); const body = await res.json(); expect(res.status).toEqual(400); @@ -27,9 +23,8 @@ describe("#stars.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/stars.create", { + const res = await server.post("/api/stars.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -55,11 +50,7 @@ describe("#stars.list", () => { userId: user.id, }); - const res = await server.post("/api/stars.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/stars.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -76,11 +67,7 @@ describe("#stars.list", () => { describe("#stars.update", () => { it("should fail with status 400 bad request when id is missing", async () => { const user = await buildUser(); - const res = await server.post("/api/stars.update", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/stars.update", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -93,9 +80,8 @@ describe("#stars.update", () => { const star = await buildStar({ userId: user.id, }); - const res = await server.post("/api/stars.update", { + const res = await server.post("/api/stars.update", user, { body: { - token: user.getJwtToken(), id: star.id, index: "i", }, @@ -111,11 +97,7 @@ describe("#stars.update", () => { describe("#stars.delete", () => { it("should fail with status 400 bad request when id is missing", async () => { const user = await buildUser(); - const res = await server.post("/api/stars.delete", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/stars.delete", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual( @@ -129,10 +111,9 @@ describe("#stars.delete", () => { userId: user.id, }); - const res = await server.post("/api/stars.delete", { + const res = await server.post("/api/stars.delete", user, { body: { id: star.id, - token: user.getJwtToken(), }, }); diff --git a/server/routes/api/subscriptions/subscriptions.test.ts b/server/routes/api/subscriptions/subscriptions.test.ts index a48778f4cd..bd63d0871c 100644 --- a/server/routes/api/subscriptions/subscriptions.test.ts +++ b/server/routes/api/subscriptions/subscriptions.test.ts @@ -22,9 +22,8 @@ describe("#subscriptions.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/subscriptions.create", { + const res = await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, event: SubscriptionType.Document, }, @@ -46,9 +45,8 @@ describe("#subscriptions.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/subscriptions.create", { + const res = await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, event: SubscriptionType.Document, }, @@ -70,9 +68,8 @@ describe("#subscriptions.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/subscriptions.create", { + const res = await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, event: SubscriptionType.Document, }, @@ -104,36 +101,32 @@ describe("#subscriptions.create", () => { }); // First `subscriptions.create` request. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, event: SubscriptionType.Document, }, }); // Second `subscriptions.create` request. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, event: SubscriptionType.Document, }, }); // Third `subscriptions.create` request. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, event: SubscriptionType.Document, }, }); // List subscriptions associated with `document.id` - const res = await server.post("/api/subscriptions.list", { + const res = await server.post("/api/subscriptions.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, event: SubscriptionType.Document, }, @@ -156,9 +149,8 @@ describe("#subscriptions.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/subscriptions.create", { + const res = await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, // Subscription on event that cannot be subscribed to. event: "documents.publish", @@ -178,9 +170,8 @@ describe("#subscriptions.create", () => { it("should throw 400 when neither documentId nor collectionId is provided", async () => { const user = await buildUser(); - const res = await server.post("/api/subscriptions.create", { + const res = await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), event: SubscriptionType.Document, }, }); @@ -205,9 +196,8 @@ describe("#subscriptions.create", () => { teamId: user.teamId, }); - const res = await server.post("/api/subscriptions.create", { + const res = await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, documentId: document.id, event: SubscriptionType.Document, @@ -236,9 +226,8 @@ describe("#subscriptions.create", () => { teamId: otherUser.teamId, }); - const res = await server.post("/api/subscriptions.create", { + const res = await server.post("/api/subscriptions.create", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, documentId: otherDocument.id, event: SubscriptionType.Document, @@ -265,17 +254,15 @@ describe("#subscriptions.info", () => { teamId: user.teamId, }); - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber, { body: { - token: subscriber.getJwtToken(), collectionId: collection.id, event: SubscriptionType.Document, }, }); - const res = await server.post("/api/subscriptions.info", { + const res = await server.post("/api/subscriptions.info", subscriber, { body: { - token: subscriber.getJwtToken(), collectionId: collection.id, event: SubscriptionType.Document, }, @@ -305,18 +292,16 @@ describe("#subscriptions.info", () => { }); // `subscriber` subscribes to `document0`. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber, { body: { - token: subscriber.getJwtToken(), documentId: document0.id, event: SubscriptionType.Document, }, }); // `subscriber` subscribes to `document1`. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber, { body: { - token: subscriber.getJwtToken(), documentId: document1.id, event: SubscriptionType.Document, }, @@ -324,13 +309,16 @@ describe("#subscriptions.info", () => { // `subscriber` wants info about // their subscription on `document0`. - const subscription0 = await server.post("/api/subscriptions.info", { - body: { - token: subscriber.getJwtToken(), - documentId: document0.id, - event: SubscriptionType.Document, - }, - }); + const subscription0 = await server.post( + "/api/subscriptions.info", + subscriber, + { + body: { + documentId: document0.id, + event: SubscriptionType.Document, + }, + } + ); const response0 = await subscription0.json(); @@ -343,9 +331,8 @@ describe("#subscriptions.info", () => { it("should throw 400 when neither documentId nor collectionId is provided", async () => { const user = await buildUser(); - const res = await server.post("/api/subscriptions.info", { + const res = await server.post("/api/subscriptions.info", user, { body: { - token: user.getJwtToken(), event: SubscriptionType.Document, }, }); @@ -367,9 +354,8 @@ describe("#subscriptions.info", () => { teamId: author.teamId, }); - const res = await server.post("/api/subscriptions.info", { + const res = await server.post("/api/subscriptions.info", subscriber, { body: { - token: subscriber.getJwtToken(), documentId: document.id, event: SubscriptionType.Document, }, @@ -396,27 +382,24 @@ describe("#subscriptions.info", () => { }); // `subscriber` subscribes to `document0`. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber, { body: { - token: subscriber.getJwtToken(), documentId: document0.id, event: SubscriptionType.Document, }, }); // `subscriber` subscribes to `document1`. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber, { body: { - token: subscriber.getJwtToken(), documentId: document1.id, event: SubscriptionType.Document, }, }); // `viewer` wants info about `subscriber`'s subscription on `document0`. - const subscription0 = await server.post("/api/subscriptions.info", { + const subscription0 = await server.post("/api/subscriptions.info", viewer, { body: { - token: viewer.getJwtToken(), documentId: document0.id, event: SubscriptionType.Document, }, @@ -431,9 +414,8 @@ describe("#subscriptions.info", () => { expect(response0.message).toEqual("Authorization error"); // `viewer` wants info about `subscriber`'s subscription on `document0`. - const subscription1 = await server.post("/api/subscriptions.info", { + const subscription1 = await server.post("/api/subscriptions.info", viewer, { body: { - token: viewer.getJwtToken(), documentId: document1.id, event: SubscriptionType.Document, }, @@ -467,27 +449,24 @@ describe("#subscriptions.info", () => { }); // `subscriber` subscribes to `document0`. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber, { body: { - token: subscriber.getJwtToken(), documentId: document0.id, event: SubscriptionType.Document, }, }); // `subscriber` subscribes to `document1`. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber, { body: { - token: subscriber.getJwtToken(), documentId: document1.id, event: SubscriptionType.Document, }, }); // `viewer` wants info about `subscriber`'s subscription on `document0` - they have requested an invalid event. - const subscription0 = await server.post("/api/subscriptions.info", { + const subscription0 = await server.post("/api/subscriptions.info", viewer, { body: { - token: viewer.getJwtToken(), documentId: document0.id, event: "documents.changed", }, @@ -505,9 +484,8 @@ describe("#subscriptions.info", () => { // `viewer` wants info about `subscriber`'s // subscription on `document0`. // They have requested an invalid event. - const subscription1 = await server.post("/api/subscriptions.info", { + const subscription1 = await server.post("/api/subscriptions.info", viewer, { body: { - token: viewer.getJwtToken(), documentId: document1.id, event: "doc.affected", }, @@ -538,9 +516,8 @@ describe("#subscriptions.list", () => { documentId: document.id, }); - const res = await server.post("/api/subscriptions.list", { + const res = await server.post("/api/subscriptions.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, event: SubscriptionType.Document, }, @@ -570,9 +547,8 @@ describe("#subscriptions.list", () => { // `subscriber0` wants to be notified about // changes on this document. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber0, { body: { - token: subscriber0.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -580,9 +556,8 @@ describe("#subscriptions.list", () => { // `subscriber1` wants to be notified about // changes on this document. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber1, { body: { - token: subscriber1.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -590,9 +565,8 @@ describe("#subscriptions.list", () => { // `viewer` just wants to know the subscribers // for this document. - const res = await server.post("/api/subscriptions.list", { + const res = await server.post("/api/subscriptions.list", viewer, { body: { - token: viewer.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -606,9 +580,8 @@ describe("#subscriptions.list", () => { // `subscriber0` wants to know the subscribers // for this document. - const res0 = await server.post("/api/subscriptions.list", { + const res0 = await server.post("/api/subscriptions.list", subscriber0, { body: { - token: subscriber0.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -623,9 +596,8 @@ describe("#subscriptions.list", () => { // `subscriber1` wants to know the subscribers // for this document. - const res1 = await server.post("/api/subscriptions.list", { + const res1 = await server.post("/api/subscriptions.list", subscriber1, { body: { - token: subscriber1.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -654,9 +626,8 @@ describe("#subscriptions.list", () => { // `subscriber0` wants to be notified about // changes on this document. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber0, { body: { - token: subscriber0.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -664,9 +635,8 @@ describe("#subscriptions.list", () => { // `subscriber1` wants to be notified about // changes on this document. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber1, { body: { - token: subscriber1.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -674,9 +644,8 @@ describe("#subscriptions.list", () => { // `viewer` just wants to know the subscribers // for this document. - const res = await server.post("/api/subscriptions.list", { + const res = await server.post("/api/subscriptions.list", viewer, { body: { - token: viewer.getJwtToken(), documentId: document.id, event: "changes.on.documents", }, @@ -707,9 +676,8 @@ describe("#subscriptions.list", () => { // `subscriber0` wants to be notified about // changes on this document. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber0, { body: { - token: subscriber0.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -717,9 +685,8 @@ describe("#subscriptions.list", () => { // `subscriber1` wants to be notified about // changes on this document. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber1, { body: { - token: subscriber1.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -727,9 +694,8 @@ describe("#subscriptions.list", () => { // `viewer` wants to know the subscribers // for this internal document. - const res = await server.post("/api/subscriptions.info", { + const res = await server.post("/api/subscriptions.info", viewer, { body: { - token: viewer.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -748,9 +714,8 @@ describe("#subscriptions.list", () => { it("should throw 400 when neither documentId nor collectionId is provided", async () => { const user = await buildUser(); - const res = await server.post("/api/subscriptions.list", { + const res = await server.post("/api/subscriptions.list", user, { body: { - token: user.getJwtToken(), event: SubscriptionType.Document, }, }); @@ -870,10 +835,9 @@ describe("#subscriptions.delete", () => { documentId: document.id, }); - const res = await server.post("/api/subscriptions.delete", { + const res = await server.post("/api/subscriptions.delete", user, { body: { id: subscription.id, - token: user.getJwtToken(), }, }); @@ -904,10 +868,9 @@ describe("#subscriptions.delete", () => { collectionId: collection.id, }); - const res = await server.post("/api/subscriptions.delete", { + const res = await server.post("/api/subscriptions.delete", user, { body: { id: subscription.id, - token: user.getJwtToken(), }, }); @@ -943,9 +906,8 @@ describe("#subscriptions.delete", () => { // `subscriber0` wants to be notified about // changes on this document. - await server.post("/api/subscriptions.create", { + await server.post("/api/subscriptions.create", subscriber0, { body: { - token: subscriber0.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -953,9 +915,8 @@ describe("#subscriptions.delete", () => { // `subscriber1` wants to be notified about // changes on this document. - const resp = await server.post("/api/subscriptions.create", { + const resp = await server.post("/api/subscriptions.create", subscriber1, { body: { - token: subscriber1.getJwtToken(), documentId: document.id, event: "documents.update", }, @@ -966,10 +927,9 @@ describe("#subscriptions.delete", () => { // `subscriber0` wants to change `subscriber1`'s // subscription for this document. - const res = await server.post("/api/subscriptions.delete", { + const res = await server.post("/api/subscriptions.delete", subscriber0, { body: { id: subscription1Id, - token: subscriber0.getJwtToken(), }, }); diff --git a/server/routes/api/teams/teams.test.ts b/server/routes/api/teams/teams.test.ts index 4e42b77fe2..5473f13921 100644 --- a/server/routes/api/teams/teams.test.ts +++ b/server/routes/api/teams/teams.test.ts @@ -15,9 +15,8 @@ describe("teams.create", () => { const team = await buildTeam(); const user = await buildAdmin({ teamId: team.id }); const name = faker.company.name(); - const res = await server.post("/api/teams.create", { + const res = await server.post("/api/teams.create", user, { body: { - token: user.getJwtToken(), name, }, }); @@ -31,9 +30,8 @@ describe("teams.create", () => { const team = await buildTeam(); const user = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/teams.create", { + const res = await server.post("/api/teams.create", user, { body: { - token: user.getJwtToken(), name: faker.company.name(), }, }); @@ -45,9 +43,8 @@ describe("#team.update", () => { it("should update team details", async () => { const admin = await buildAdmin(); const name = faker.company.name(); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), name, }, }); @@ -59,9 +56,8 @@ describe("#team.update", () => { it("should add avatar", async () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), avatarUrl: "https://random-url.com", }, }); @@ -73,9 +69,8 @@ describe("#team.update", () => { it("should remove avatar", async () => { const team = await buildTeam({ avatarUrl: "https://random-url.com" }); const admin = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), avatarUrl: null, }, }); @@ -86,9 +81,8 @@ describe("#team.update", () => { it("should not invalidate request if subdomain is sent as null", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), subdomain: null, }, }); @@ -100,9 +94,8 @@ describe("#team.update", () => { const admin = await buildAdmin({ teamId: team.id }); const domain1 = faker.internet.domainName(); const domain2 = faker.internet.domainName(); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), allowedDomains: [domain1, "", domain2, "", ""], }, }); @@ -127,9 +120,8 @@ describe("#team.update", () => { createdById: admin.id, }); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), allowedDomains: [], }, }); @@ -156,9 +148,8 @@ describe("#team.update", () => { const domain1 = faker.internet.domainName(); const domain2 = faker.internet.domainName(); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), allowedDomains: [domain1, domain2], }, }); @@ -177,16 +168,14 @@ describe("#team.update", () => { it("should only allow member,viewer or admin as default role", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), defaultUserRole: "New name", }, }); expect(res.status).toEqual(400); - const successRes = await server.post("/api/team.update", { + const successRes = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), defaultUserRole: "viewer", }, }); @@ -198,9 +187,8 @@ describe("#team.update", () => { it("should allow identical team details", async () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), name: team.name, }, }); @@ -211,9 +199,8 @@ describe("#team.update", () => { it("should require admin", async () => { const user = await buildUser(); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", user, { body: { - token: user.getJwtToken(), name: faker.company.name(), }, }); @@ -227,9 +214,8 @@ describe("#team.update", () => { it("should not allow setting team name to null", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), name: null, }, }); @@ -244,9 +230,8 @@ describe("#team.update", () => { userId: admin.id, }); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), defaultCollectionId: collection.id, }, }); @@ -268,9 +253,8 @@ describe("#team.update", () => { userId: admin.id, }); - const res = await server.post("/api/team.update", { + const res = await server.post("/api/team.update", admin, { body: { - token: admin.getJwtToken(), defaultCollectionId: collection.id, }, }); @@ -279,9 +263,8 @@ describe("#team.update", () => { expect(res.status).toEqual(200); expect(body.data.defaultCollectionId).toEqual(collection.id); - const updateRes = await server.post("/api/collections.update", { + const updateRes = await server.post("/api/collections.update", admin, { body: { - token: admin.getJwtToken(), id: collection.id, permission: null, }, @@ -289,11 +272,7 @@ describe("#team.update", () => { expect(updateRes.status).toEqual(200); - const res3 = await server.post("/api/auth.info", { - body: { - token: admin.getJwtToken(), - }, - }); + const res3 = await server.post("/api/auth.info", admin); const body3 = await res3.json(); expect(res3.status).toEqual(200); expect(body3.data.team.defaultCollectionId).toEqual(null); diff --git a/server/routes/api/templates/templates.test.ts b/server/routes/api/templates/templates.test.ts index da6bd721b1..947aa6c017 100644 --- a/server/routes/api/templates/templates.test.ts +++ b/server/routes/api/templates/templates.test.ts @@ -20,11 +20,7 @@ describe("#templates.list", () => { teamId: user.teamId, }); - const res = await server.post("/api/templates.list", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/templates.list", user); const body = await res.json(); expect(res.status).toEqual(200); @@ -45,9 +41,8 @@ describe("#templates.list", () => { collectionId: collection.id, }); - const res = await server.post("/api/templates.list", { + const res = await server.post("/api/templates.list", user, { body: { - token: user.getJwtToken(), collectionId: collection.id, }, }); @@ -72,9 +67,8 @@ describe("#templates.info", () => { teamId: user.teamId, }); - const res = await server.post("/api/templates.info", { + const res = await server.post("/api/templates.info", user, { body: { - token: user.getJwtToken(), id: template.id, }, }); @@ -92,9 +86,8 @@ describe("#templates.info", () => { it("should fail for invalid template id", async () => { const user = await buildUser(); - const res = await server.post("/api/templates.info", { + const res = await server.post("/api/templates.info", user, { body: { - token: user.getJwtToken(), id: "invalid", }, }); @@ -112,9 +105,8 @@ describe("#templates.update", () => { title: "Original title", }); - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", user, { body: { - token: user.getJwtToken(), id: template.id, title: "New title", }, @@ -148,9 +140,8 @@ describe("#templates.update", () => { ], }; - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", user, { body: { - token: user.getJwtToken(), id: template.id, data, }, @@ -173,9 +164,8 @@ describe("#templates.update", () => { teamId: admin.teamId, }); - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", admin, { body: { - token: admin.getJwtToken(), id: template.id, collectionId: targetCollection.id, }, @@ -199,9 +189,8 @@ describe("#templates.update", () => { permission: null, }); - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", user, { body: { - token: user.getJwtToken(), id: template.id, collectionId: inaccessibleCollection.id, }, @@ -222,9 +211,8 @@ describe("#templates.update", () => { // but is not a team admin const user = await buildUser({ teamId: admin.teamId }); - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", user, { body: { - token: user.getJwtToken(), id: template.id, collectionId: null, }, @@ -240,9 +228,8 @@ describe("#templates.update", () => { teamId: admin.teamId, }); - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", admin, { body: { - token: admin.getJwtToken(), id: template.id, collectionId: null, }, @@ -255,9 +242,8 @@ describe("#templates.update", () => { it("should fail with status 400 bad request when id is missing", async () => { const user = await buildUser(); - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", user, { body: { - token: user.getJwtToken(), title: "New title", }, }); @@ -281,9 +267,8 @@ describe("#templates.duplicate", () => { title: "test", }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", user, { body: { - token: user.getJwtToken(), id: template.id, }, }); @@ -302,9 +287,8 @@ describe("#templates.duplicate", () => { teamId: user.teamId, }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", user, { body: { - token: user.getJwtToken(), id: template.id, title: "New title", }, @@ -329,9 +313,8 @@ describe("#templates.duplicate", () => { teamId: admin.teamId, }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", admin, { body: { - token: admin.getJwtToken(), id: template.id, collectionId: targetCollection.id, }, @@ -355,9 +338,8 @@ describe("#templates.duplicate", () => { permission: null, }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", user, { body: { - token: user.getJwtToken(), id: template.id, collectionId: inaccessibleCollection.id, }, @@ -376,9 +358,8 @@ describe("#templates.duplicate", () => { // Non-admin member on the same team const user = await buildUser({ teamId: admin.teamId }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", user, { body: { - token: user.getJwtToken(), id: template.id, collectionId: null, }, @@ -394,9 +375,8 @@ describe("#templates.duplicate", () => { teamId: admin.teamId, }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", admin, { body: { - token: admin.getJwtToken(), id: template.id, collectionId: null, }, @@ -414,9 +394,8 @@ describe("#templates.duplicate", () => { teamId: user.teamId, }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", user, { body: { - token: user.getJwtToken(), id: template.id, }, }); @@ -433,9 +412,8 @@ describe("#templates.duplicate", () => { it("should fail for invalid template id", async () => { const user = await buildUser(); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", user, { body: { - token: user.getJwtToken(), id: "invalid", }, }); @@ -452,9 +430,8 @@ describe("#templates.delete", () => { teamId: user.teamId, }); - const res = await server.post("/api/templates.delete", { + const res = await server.post("/api/templates.delete", user, { body: { - token: user.getJwtToken(), id: template.id, }, }); @@ -466,11 +443,7 @@ describe("#templates.delete", () => { it("should fail with status 400 bad request when id is missing", async () => { const user = await buildUser(); - const res = await server.post("/api/templates.delete", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/templates.delete", user); const body = await res.json(); expect(res.status).toEqual(400); expect(body.message).toEqual("id: Must be a valid UUID or slug"); @@ -494,9 +467,8 @@ describe("templateManagement", () => { const member = await buildUser({ teamId: admin.teamId }); - const res = await server.post("/api/templates.create", { + const res = await server.post("/api/templates.create", member, { body: { - token: member.getJwtToken(), collectionId: collection.id, title: "Member template", data: { @@ -527,9 +499,8 @@ describe("templateManagement", () => { const member = await buildUser({ teamId: admin.teamId }); - const res = await server.post("/api/templates.create", { + const res = await server.post("/api/templates.create", member, { body: { - token: member.getJwtToken(), collectionId: collection.id, title: "Member template", data: { @@ -564,9 +535,8 @@ describe("templateManagement", () => { permission: CollectionPermission.ReadWrite, }); - const res = await server.post("/api/templates.create", { + const res = await server.post("/api/templates.create", member, { body: { - token: member.getJwtToken(), collectionId: collection.id, title: "Member template", data: { @@ -603,9 +573,8 @@ describe("templateManagement", () => { permission: CollectionPermission.Read, }); - const res = await server.post("/api/templates.create", { + const res = await server.post("/api/templates.create", member, { body: { - token: member.getJwtToken(), collectionId: collection.id, title: "Member template", data: { @@ -640,9 +609,8 @@ describe("templateManagement", () => { collectionId: collection.id, }); - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", member, { body: { - token: member.getJwtToken(), id: template.id, title: "Updated by member", }, @@ -668,9 +636,8 @@ describe("templateManagement", () => { collectionId: collection.id, }); - const res = await server.post("/api/templates.update", { + const res = await server.post("/api/templates.update", member, { body: { - token: member.getJwtToken(), id: template.id, title: "Updated by member", }, @@ -696,9 +663,8 @@ describe("templateManagement", () => { collectionId: collection.id, }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", member, { body: { - token: member.getJwtToken(), id: template.id, }, }); @@ -723,9 +689,8 @@ describe("templateManagement", () => { collectionId: collection.id, }); - const res = await server.post("/api/templates.duplicate", { + const res = await server.post("/api/templates.duplicate", member, { body: { - token: member.getJwtToken(), id: template.id, }, }); @@ -751,9 +716,8 @@ describe("templateManagement", () => { }); await template.destroy(); - const res = await server.post("/api/templates.restore", { + const res = await server.post("/api/templates.restore", member, { body: { - token: member.getJwtToken(), id: template.id, }, }); @@ -779,9 +743,8 @@ describe("templateManagement", () => { }); await template.destroy(); - const res = await server.post("/api/templates.restore", { + const res = await server.post("/api/templates.restore", member, { body: { - token: member.getJwtToken(), id: template.id, }, }); @@ -806,9 +769,8 @@ describe("templateManagement", () => { collectionId: collection.id, }); - const res = await server.post("/api/templates.delete", { + const res = await server.post("/api/templates.delete", member, { body: { - token: member.getJwtToken(), id: template.id, }, }); @@ -833,9 +795,8 @@ describe("templateManagement", () => { collectionId: collection.id, }); - const res = await server.post("/api/templates.delete", { + const res = await server.post("/api/templates.delete", member, { body: { - token: member.getJwtToken(), id: template.id, }, }); diff --git a/server/routes/api/urls/urls.test.ts b/server/routes/api/urls/urls.test.ts index dd41ceeed5..28ac6fe78f 100644 --- a/server/routes/api/urls/urls.test.ts +++ b/server/routes/api/urls/urls.test.ts @@ -53,9 +53,8 @@ describe("#urls.unfurl", () => { }); it("should fail with status 400 bad request when url is invalid", async () => { - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: "/doc/foo-bar", }, }); @@ -66,9 +65,8 @@ describe("#urls.unfurl", () => { }); it("should fail with status 400 bad request when mention url is invalid", async () => { - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: "mention://1/foo/1", }, }); @@ -79,9 +77,8 @@ describe("#urls.unfurl", () => { }); it("should fail with status 400 bad request when mention url is supplied without documentId", async () => { - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: "mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/34095ac1-c808-45c0-8c6e-6c554497de64", }, }); @@ -92,9 +89,8 @@ describe("#urls.unfurl", () => { }); it("should fail with status 404 not found when mention user does not exist", async () => { - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: "mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/34095ac1-c808-45c0-8c6e-6c554497de64", documentId: "2767ba0e-ac5c-4533-b9cf-4f5fc456600e", }, @@ -110,9 +106,8 @@ describe("#urls.unfurl", () => { teamId: user.teamId, }); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/${mentionedUser.id}`, documentId: "2767ba0e-ac5c-4533-b9cf-4f5fc456600e", }, @@ -129,9 +124,8 @@ describe("#urls.unfurl", () => { teamId: user.teamId, }); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/${mentionedUser.id}`, documentId: document.id, }, @@ -147,9 +141,8 @@ describe("#urls.unfurl", () => { teamId: user.teamId, }); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `mention://2767ba0e-ac5c-4533-b9cf-4f5fc456600e/user/${mentionedUser.id}`, documentId: document.id, }, @@ -161,9 +154,8 @@ describe("#urls.unfurl", () => { }); it("should return 204 when internal document url points to non-existent document", async () => { - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `${env.URL}/doc/non-existent-doc-abc123`, }, }); @@ -175,9 +167,8 @@ describe("#urls.unfurl", () => { teamId: user.teamId, }); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `${env.URL}/${document.url}`, documentId: document.id, }, @@ -200,9 +191,8 @@ describe("#urls.unfurl", () => { published: true, }); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `${env.URL}/s/${share.id}/doc/${document.urlId}`, }, }); @@ -225,9 +215,8 @@ describe("#urls.unfurl", () => { published: true, }); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `${env.URL}/s/${share.urlId}/doc/${document.urlId}`, }, }); @@ -272,9 +261,8 @@ describe("#urls.unfurl", () => { published: true, }); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `${env.URL}/s/${share.id}/doc/${document.urlId}`, }, }); @@ -294,9 +282,8 @@ describe("#urls.unfurl", () => { published: true, }); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: `${env.URL}/s/${share.id}`, }, }); @@ -337,9 +324,8 @@ describe("#urls.unfurl", () => { }) ); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: "https://www.flickr.com", }, }); @@ -368,9 +354,8 @@ describe("#urls.unfurl", () => { }) ); - const res = await server.post("/api/urls.unfurl", { + const res = await server.post("/api/urls.unfurl", user, { body: { - token: user.getJwtToken(), url: "https://random.url", }, }); @@ -386,19 +371,14 @@ describe("#urls.checkEmbed", () => { }); it("should fail with status 400 bad request when url is missing", async () => { - const res = await server.post("/api/urls.checkEmbed", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/urls.checkEmbed", user); expect(res.status).toEqual(400); }); it("should fail with status 400 bad request when url is not a valid URL", async () => { - const res = await server.post("/api/urls.checkEmbed", { + const res = await server.post("/api/urls.checkEmbed", user, { body: { - token: user.getJwtToken(), url: "not-a-url", }, }); @@ -408,9 +388,8 @@ describe("#urls.checkEmbed", () => { it("should return a result for valid URLs", async () => { // Use a YouTube URL which matches a known embed pattern - const res = await server.post("/api/urls.checkEmbed", { + const res = await server.post("/api/urls.checkEmbed", user, { body: { - token: user.getJwtToken(), url: "https://www.youtube.com/watch?v=dQw4w9WgXcQ", }, }); @@ -425,9 +404,8 @@ describe("#urls.checkEmbed", () => { describe("#urls.validateCustomDomain", () => { it("should succeed with custom domain pointing at server", async () => { const user = await buildUser(); - const res = await server.post("/api/urls.validateCustomDomain", { + const res = await server.post("/api/urls.validateCustomDomain", user, { body: { - token: user.getJwtToken(), hostname: "valid.custom.domain", }, }); @@ -436,9 +414,8 @@ describe("#urls.validateCustomDomain", () => { it("should fail with another domain", async () => { const user = await buildUser(); - const res = await server.post("/api/urls.validateCustomDomain", { + const res = await server.post("/api/urls.validateCustomDomain", user, { body: { - token: user.getJwtToken(), hostname: "google.com", }, }); diff --git a/server/routes/api/userMemberships/userMemberships.test.ts b/server/routes/api/userMemberships/userMemberships.test.ts index 180ff33105..93aa453745 100644 --- a/server/routes/api/userMemberships/userMemberships.test.ts +++ b/server/routes/api/userMemberships/userMemberships.test.ts @@ -30,20 +30,15 @@ describe("#userMemberships.list", () => { const member = await buildUser({ teamId: user.teamId, }); - await server.post("/api/documents.add_user", { + await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, }); const users = await document.$get("users"); expect(users.length).toEqual(1); - const res = await server.post("/api/userMemberships.list", { - body: { - token: member.getJwtToken(), - }, - }); + const res = await server.post("/api/userMemberships.list", member); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).not.toBeFalsy(); @@ -79,9 +74,8 @@ describe("#userMemberships.update", () => { const member = await buildUser({ teamId: user.teamId, }); - const resp = await server.post("/api/documents.add_user", { + const resp = await server.post("/api/documents.add_user", user, { body: { - token: user.getJwtToken(), id: document.id, userId: member.id, }, @@ -93,9 +87,8 @@ describe("#userMemberships.update", () => { const users = await document.$get("users"); expect(users.length).toEqual(1); - const res = await server.post("/api/userMemberships.update", { + const res = await server.post("/api/userMemberships.update", member, { body: { - token: member.getJwtToken(), id: respBody.data.memberships[0].id, index: "V", }, diff --git a/server/routes/api/users/users.test.ts b/server/routes/api/users/users.test.ts index 998512ae88..3ecbeaa929 100644 --- a/server/routes/api/users/users.test.ts +++ b/server/routes/api/users/users.test.ts @@ -27,10 +27,9 @@ describe("#users.list", () => { email: "john.doe@example.com", }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { query: "john.doe@e", - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -49,10 +48,9 @@ describe("#users.list", () => { teamId: user.teamId, suspendedAt: new Date(), }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { query: "test", - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -69,10 +67,9 @@ describe("#users.list", () => { name: "Admin", teamId: user.teamId, }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { role: UserRole.Admin, - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -88,11 +85,10 @@ describe("#users.list", () => { teamId: admin.teamId, suspendedAt: new Date(), }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", admin, { body: { query: "test", filter: "suspended", - token: admin.getJwtToken(), }, }); const body = await res.json(); @@ -107,10 +103,9 @@ describe("#users.list", () => { teamId: user.teamId, suspendedAt: new Date(), }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { query: "test", - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -126,11 +121,10 @@ describe("#users.list", () => { name: "Tester", teamId: user.teamId, }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { query: "test", filter: "active", - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -147,11 +141,10 @@ describe("#users.list", () => { teamId: user.teamId, lastActiveAt: null, }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", user, { body: { query: "test", filter: "invited", - token: user.getJwtToken(), }, }); const body = await res.json(); @@ -164,9 +157,8 @@ describe("#users.list", () => { const admin = await buildAdmin({ teamId: team.id }); await buildUser({ teamId: team.id }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", admin, { body: { - token: admin.getJwtToken(), sort: "createdAt", direction: "DESC", }, @@ -181,9 +173,8 @@ describe("#users.list", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", admin, { body: { - token: admin.getJwtToken(), ids: [user.id], }, }); @@ -198,9 +189,8 @@ describe("#users.list", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", admin, { body: { - token: admin.getJwtToken(), emails: [user.email], }, }); @@ -216,9 +206,8 @@ describe("#users.list", () => { const user = await buildUser({ teamId: team.id }); // Test with uppercase email - const res = await server.post("/api/users.list", { + const res = await server.post("/api/users.list", admin, { body: { - token: admin.getJwtToken(), emails: [user.email!.toUpperCase()], }, }); @@ -235,9 +224,8 @@ describe("#users.list", () => { ) .join("@"); - const res2 = await server.post("/api/users.list", { + const res2 = await server.post("/api/users.list", admin, { body: { - token: admin.getJwtToken(), emails: [mixedCaseEmail], }, }); @@ -251,11 +239,7 @@ describe("#users.list", () => { const team = await buildTeam(); await buildUser({ teamId: team.id }); const guest = await buildUser({ teamId: team.id, role: UserRole.Guest }); - const res = await server.post("/api/users.list", { - body: { - token: guest.getJwtToken(), - }, - }); + const res = await server.post("/api/users.list", guest); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(2); @@ -267,11 +251,7 @@ describe("#users.list", () => { const team = await buildTeam(); await buildUser({ teamId: team.id }); const viewer = await buildUser({ teamId: team.id, role: UserRole.Viewer }); - const res = await server.post("/api/users.list", { - body: { - token: viewer.getJwtToken(), - }, - }); + const res = await server.post("/api/users.list", viewer); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(2); @@ -283,11 +263,7 @@ describe("#users.list", () => { const team = await buildTeam(); const user = await buildUser({ teamId: team.id }); const member = await buildUser({ teamId: team.id, role: UserRole.Member }); - const res = await server.post("/api/users.list", { - body: { - token: member.getJwtToken(), - }, - }); + const res = await server.post("/api/users.list", member); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(2); @@ -299,11 +275,7 @@ describe("#users.list", () => { const team = await buildTeam(); await buildUser({ teamId: team.id }); const guest = await buildUser({ teamId: team.id, role: UserRole.Guest }); - const res = await server.post("/api/users.list", { - body: { - token: guest.getJwtToken(), - }, - }); + const res = await server.post("/api/users.list", guest); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(2); @@ -321,11 +293,7 @@ describe("#users.list", () => { const team = await buildTeam(); await buildUser({ teamId: team.id }); const viewer = await buildUser({ teamId: team.id, role: UserRole.Viewer }); - const res = await server.post("/api/users.list", { - body: { - token: viewer.getJwtToken(), - }, - }); + const res = await server.post("/api/users.list", viewer); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(2); @@ -343,11 +311,7 @@ describe("#users.list", () => { const team = await buildTeam(); await buildUser({ teamId: team.id }); const member = await buildUser({ teamId: team.id, role: UserRole.Member }); - const res = await server.post("/api/users.list", { - body: { - token: member.getJwtToken(), - }, - }); + const res = await server.post("/api/users.list", member); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(2); @@ -365,11 +329,7 @@ describe("#users.list", () => { const team = await buildTeam(); const admin = await buildAdmin({ teamId: team.id }); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/users.list", { - body: { - token: admin.getJwtToken(), - }, - }); + const res = await server.post("/api/users.list", admin); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data).toHaveLength(2); @@ -389,11 +349,7 @@ describe("#users.list", () => { describe("#users.info", () => { it("should return current user with no id", async () => { const user = await buildUser(); - const res = await server.post("/api/users.info", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/users.info", user); const body = await res.json(); expect(res.status).toEqual(200); expect(body.data.id).toEqual(user.id); @@ -406,9 +362,8 @@ describe("#users.info", () => { const another = await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/users.info", { + const res = await server.post("/api/users.info", user, { body: { - token: user.getJwtToken(), id: another.id, }, }); @@ -423,9 +378,8 @@ describe("#users.info", () => { it("should now return user without permission", async () => { const user = await buildUser(); const another = await buildUser(); - const res = await server.post("/api/users.info", { + const res = await server.post("/api/users.info", user, { body: { - token: user.getJwtToken(), id: another.id, }, }); @@ -441,9 +395,8 @@ describe("#users.info", () => { describe("#users.invite", () => { it("should return sent invites", async () => { const user = await buildAdmin(); - const res = await server.post("/api/users.invite", { + const res = await server.post("/api/users.invite", user, { body: { - token: user.getJwtToken(), invites: [ { email: "test@example.com", @@ -460,9 +413,8 @@ describe("#users.invite", () => { it("should require invites to be an array", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/users.invite", { + const res = await server.post("/api/users.invite", admin, { body: { - token: admin.getJwtToken(), invites: { email: "test@example.com", name: "Test", @@ -475,9 +427,8 @@ describe("#users.invite", () => { it("should allow members to invite members", async () => { const user = await buildUser(); - const res = await server.post("/api/users.invite", { + const res = await server.post("/api/users.invite", user, { body: { - token: user.getJwtToken(), invites: [ { email: "test@example.com", @@ -494,9 +445,8 @@ describe("#users.invite", () => { it("should now allow viewers to invite", async () => { const user = await buildViewer(); - const res = await server.post("/api/users.invite", { + const res = await server.post("/api/users.invite", user, { body: { - token: user.getJwtToken(), invites: [ { email: "test@example.com", @@ -515,9 +465,8 @@ describe("#users.invite", () => { await team.save(); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/users.invite", { + const res = await server.post("/api/users.invite", user, { body: { - token: user.getJwtToken(), invites: [ { email: "test@example.com", @@ -532,9 +481,8 @@ describe("#users.invite", () => { it("should invite user as an admin", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/users.invite", { + const res = await server.post("/api/users.invite", admin, { body: { - token: admin.getJwtToken(), invites: [ { email: "test@example.com", @@ -552,9 +500,8 @@ describe("#users.invite", () => { it("should invite user as a viewer", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/users.invite", { + const res = await server.post("/api/users.invite", admin, { body: { - token: admin.getJwtToken(), invites: [ { email: "test@example.com", @@ -572,9 +519,8 @@ describe("#users.invite", () => { it("should limit number of invites", async () => { const user = await buildUser(); - const res = await server.post("/api/users.invite", { + const res = await server.post("/api/users.invite", user, { body: { - token: user.getJwtToken(), invites: new Array(21).fill({ email: "test@example.com", name: "Test", @@ -597,11 +543,7 @@ describe("#users.delete", () => { await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/users.delete", { - body: { - token: user.getJwtToken(), - }, - }); + const res = await server.post("/api/users.delete", user); expect(res.status).toEqual(400); }); @@ -610,10 +552,9 @@ describe("#users.delete", () => { await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/users.delete", { + const res = await server.post("/api/users.delete", user, { body: { code: "123", - token: user.getJwtToken(), }, }); expect(res.status).toEqual(400); @@ -624,10 +565,9 @@ describe("#users.delete", () => { await buildUser({ teamId: user.teamId, }); - const res = await server.post("/api/users.delete", { + const res = await server.post("/api/users.delete", user, { body: { code: user.deleteConfirmationCode, - token: user.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -638,10 +578,9 @@ describe("#users.delete", () => { const user = await buildUser({ teamId: admin.teamId, }); - const res = await server.post("/api/users.delete", { + const res = await server.post("/api/users.delete", admin, { body: { id: user.id, - token: admin.getJwtToken(), }, }); expect(res.status).toEqual(200); @@ -658,9 +597,8 @@ describe("#users.delete", () => { describe("#users.update", () => { it("should update user profile information", async () => { const user = await buildUser(); - const res = await server.post("/api/users.update", { + const res = await server.post("/api/users.update", user, { body: { - token: user.getJwtToken(), name: "New name", }, }); @@ -674,10 +612,9 @@ describe("#users.update", () => { const user = await buildUser({ teamId: admin.teamId, }); - const res = await server.post("/api/users.update", { + const res = await server.post("/api/users.update", admin, { body: { id: user.id, - token: admin.getJwtToken(), name: "New name", }, }); @@ -692,10 +629,9 @@ describe("#users.update", () => { const user = await buildUser({ teamId: actor.teamId, }); - const res = await server.post("/api/users.update", { + const res = await server.post("/api/users.update", actor, { body: { id: user.id, - token: actor.getJwtToken(), name: "New name", }, }); @@ -704,9 +640,8 @@ describe("#users.update", () => { it("should fail upon sending invalid user preference", async () => { const user = await buildUser(); - const res = await server.post("/api/users.update", { + const res = await server.post("/api/users.update", user, { body: { - token: user.getJwtToken(), name: "New name", preferences: { invalidPreference: "invalidValue" }, }, @@ -716,9 +651,8 @@ describe("#users.update", () => { it("should fail upon sending invalid user preference value", async () => { const user = await buildUser(); - const res = await server.post("/api/users.update", { + const res = await server.post("/api/users.update", user, { body: { - token: user.getJwtToken(), name: "New name", preferences: { rememberLastPath: "invalidValue" }, }, @@ -728,9 +662,8 @@ describe("#users.update", () => { it("should update rememberLastPath user preference", async () => { const user = await buildUser(); - const res = await server.post("/api/users.update", { + const res = await server.post("/api/users.update", user, { body: { - token: user.getJwtToken(), name: "New name", preferences: { rememberLastPath: true, @@ -744,9 +677,8 @@ describe("#users.update", () => { it("should update user timezone", async () => { const user = await buildUser(); - const res = await server.post("/api/users.update", { + const res = await server.post("/api/users.update", user, { body: { - token: user.getJwtToken(), timezone: "Asia/Calcutta", }, }); @@ -768,9 +700,8 @@ describe("#users.updateEmail", () => { it("should trigger verification email", async () => { const spy = vi.spyOn(ConfirmUpdateEmail.prototype, "schedule"); const user = await buildUser(); - const res = await server.post("/api/users.updateEmail", { + const res = await server.post("/api/users.updateEmail", user, { body: { - token: user.getJwtToken(), email: faker.internet.email(), }, }); @@ -791,9 +722,8 @@ describe("#users.updateEmail", () => { createdById: user.id, }); - const res = await server.post("/api/users.updateEmail", { + const res = await server.post("/api/users.updateEmail", user, { body: { - token: user.getJwtToken(), email: faker.internet.email(), }, }); @@ -807,9 +737,8 @@ describe("#users.updateEmail", () => { const email = faker.internet.email().toLowerCase(); await buildUser({ teamId: user.teamId, email }); - const res = await server.post("/api/users.updateEmail", { + const res = await server.post("/api/users.updateEmail", user, { body: { - token: user.getJwtToken(), email, }, }); @@ -831,7 +760,7 @@ describe("#users.updateEmail", () => { const user = await buildUser(); const email = faker.internet.email(); await server.get( - `/api/users.updateEmail?token=${user.getJwtToken()}&code=${user.getEmailUpdateToken( + `/api/users.updateEmail?token=${user.getSessionToken()}&code=${user.getEmailUpdateToken( email )}&follow=true` ); @@ -848,9 +777,8 @@ describe("#users.update_role", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/users.update_role", { + const res = await server.post("/api/users.update_role", admin, { body: { - token: admin.getJwtToken(), id: user.id, role: UserRole.Admin, }, @@ -864,9 +792,8 @@ describe("#users.update_role", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/users.update_role", { + const res = await server.post("/api/users.update_role", admin, { body: { - token: admin.getJwtToken(), id: user.id, role: UserRole.Viewer, }, @@ -880,9 +807,8 @@ describe("#users.update_role", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/users.update_role", { + const res = await server.post("/api/users.update_role", admin, { body: { - token: admin.getJwtToken(), id: user.id, role: UserRole.Admin, }, @@ -897,9 +823,8 @@ describe("#users.promote", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/users.promote", { + const res = await server.post("/api/users.promote", admin, { body: { - token: admin.getJwtToken(), id: user.id, }, }); @@ -908,9 +833,8 @@ describe("#users.promote", () => { it("should require admin", async () => { const user = await buildUser(); - const res = await server.post("/api/users.promote", { + const res = await server.post("/api/users.promote", user, { body: { - token: user.getJwtToken(), id: user.id, }, }); @@ -926,9 +850,8 @@ describe("#users.demote", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/users.demote", { + const res = await server.post("/api/users.demote", admin, { body: { - token: admin.getJwtToken(), id: user.id, }, }); @@ -940,9 +863,8 @@ describe("#users.demote", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/users.demote", { + const res = await server.post("/api/users.demote", admin, { body: { - token: admin.getJwtToken(), id: user.id, to: "viewer", }, @@ -955,9 +877,8 @@ describe("#users.demote", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildAdmin({ teamId: team.id }); - const res = await server.post("/api/users.demote", { + const res = await server.post("/api/users.demote", admin, { body: { - token: admin.getJwtToken(), id: user.id, to: "member", }, @@ -968,9 +889,8 @@ describe("#users.demote", () => { it("should not allow demoting self", async () => { const admin = await buildAdmin(); await buildAdmin({ teamId: admin.teamId }); - const res = await server.post("/api/users.demote", { + const res = await server.post("/api/users.demote", admin, { body: { - token: admin.getJwtToken(), id: admin.id, }, }); @@ -981,9 +901,8 @@ describe("#users.demote", () => { it("should require admin", async () => { const user = await buildUser(); - const res = await server.post("/api/users.promote", { + const res = await server.post("/api/users.promote", user, { body: { - token: user.getJwtToken(), id: user.id, }, }); @@ -999,9 +918,8 @@ describe("#users.suspend", () => { const admin = await buildAdmin({ teamId: team.id }); const user = await buildUser({ teamId: team.id }); - const res = await server.post("/api/users.suspend", { + const res = await server.post("/api/users.suspend", admin, { body: { - token: admin.getJwtToken(), id: user.id, }, }); @@ -1010,9 +928,8 @@ describe("#users.suspend", () => { it("should not allow suspending self", async () => { const admin = await buildAdmin(); - const res = await server.post("/api/users.suspend", { + const res = await server.post("/api/users.suspend", admin, { body: { - token: admin.getJwtToken(), id: admin.id, }, }); @@ -1023,9 +940,8 @@ describe("#users.suspend", () => { it("should require admin", async () => { const user = await buildUser(); - const res = await server.post("/api/users.suspend", { + const res = await server.post("/api/users.suspend", user, { body: { - token: user.getJwtToken(), id: user.id, }, }); @@ -1046,9 +962,8 @@ describe("#users.activate", () => { suspendedAt: new Date(), }); expect(user.isSuspended).toBe(true); - const res = await server.post("/api/users.activate", { + const res = await server.post("/api/users.activate", admin, { body: { - token: admin.getJwtToken(), id: user.id, }, }); @@ -1057,9 +972,8 @@ describe("#users.activate", () => { it("should require admin", async () => { const user = await buildUser(); - const res = await server.post("/api/users.activate", { + const res = await server.post("/api/users.activate", user, { body: { - token: user.getJwtToken(), id: user.id, }, }); diff --git a/server/routes/api/views/views.test.ts b/server/routes/api/views/views.test.ts index 16bc70e584..9a077b9305 100644 --- a/server/routes/api/views/views.test.ts +++ b/server/routes/api/views/views.test.ts @@ -23,9 +23,8 @@ describe("#views.list", () => { documentId: document.id, userId: user.id, }); - const res = await server.post("/api/views.list", { + const res = await server.post("/api/views.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -47,9 +46,8 @@ describe("#views.list", () => { await user.update({ suspendedAt: new Date() }); - const res = await server.post("/api/views.list", { + const res = await server.post("/api/views.list", admin, { body: { - token: admin.getJwtToken(), documentId: document.id, }, }); @@ -82,9 +80,8 @@ describe("#views.list", () => { documentId: document.id, userId: user.id, }); - const res = await server.post("/api/views.list", { + const res = await server.post("/api/views.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -109,9 +106,8 @@ describe("#views.list", () => { it("should require authorization", async () => { const document = await buildDocument(); const user = await buildUser(); - const res = await server.post("/api/views.list", { + const res = await server.post("/api/views.list", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -126,9 +122,8 @@ describe("#views.create", () => { userId: user.id, teamId: user.teamId, }); - const res = await server.post("/api/views.create", { + const res = await server.post("/api/views.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -157,9 +152,8 @@ describe("#views.create", () => { userId: user.id, permission: CollectionPermission.Read, }); - const res = await server.post("/api/views.create", { + const res = await server.post("/api/views.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); @@ -183,9 +177,8 @@ describe("#views.create", () => { it("should require authorization", async () => { const document = await buildDocument(); const user = await buildUser(); - const res = await server.post("/api/views.create", { + const res = await server.post("/api/views.create", user, { body: { - token: user.getJwtToken(), documentId: document.id, }, }); diff --git a/server/routes/auth/index.test.ts b/server/routes/auth/index.test.ts index 61bd5f308b..e976758598 100644 --- a/server/routes/auth/index.test.ts +++ b/server/routes/auth/index.test.ts @@ -1,5 +1,7 @@ +import { addMonths } from "date-fns"; import { buildUser, buildCollection } from "@server/test/factories"; import { getTestServer } from "@server/test/support"; +import { getJWTPayload } from "@server/utils/jwt"; const server = getTestServer(); @@ -33,9 +35,36 @@ describe("auth/redirect", () => { expect(res.headers.get("location")!.includes(collection.path)).toBeTruthy(); }); + it("should issue a session token with an expiry", async () => { + const user = await buildUser(); + const before = Date.now(); + const res = await server.get( + `/auth/redirect?token=${user.getTransferToken()}`, + { + redirect: "manual", + } + ); + expect(res.status).toEqual(302); + + const cookie = res.headers.get("set-cookie"); + expect(cookie).not.toBeNull(); + const match = cookie!.match(/accessToken=([^;]+)/); + expect(match).not.toBeNull(); + + const payload = getJWTPayload(match![1]); + expect(payload.type).toEqual("session"); + expect(payload.expiresAt).toBeDefined(); + + const expiresAt = new Date(payload.expiresAt as string).getTime(); + const expectedMin = addMonths(before, 3).getTime() - 1000; + const expectedMax = addMonths(Date.now(), 3).getTime() + 1000; + expect(expiresAt).toBeGreaterThanOrEqual(expectedMin); + expect(expiresAt).toBeLessThanOrEqual(expectedMax); + }); + it("should prevent token extension by rejecting JWT tokens", async () => { const user = await buildUser(); - const jwtToken = user.getJwtToken(); + const jwtToken = user.getSessionToken(); const res = await server.get(`/auth/redirect?token=${jwtToken}`, { redirect: "manual", diff --git a/server/routes/auth/index.ts b/server/routes/auth/index.ts index b869955e38..4121f325fe 100644 --- a/server/routes/auth/index.ts +++ b/server/routes/auth/index.ts @@ -43,14 +43,15 @@ router.get( throw AuthenticationError("Cannot extend token"); } - const jwtToken = user.getJwtToken(undefined, service); + const expires = addMonths(new Date(), 3); + const jwtToken = user.getSessionToken(expires, service); // ensure that the lastActiveAt on user is updated to prevent replay requests await user.updateActiveAt(ctx, true); ctx.cookies.set("accessToken", jwtToken, { sameSite: "lax", - expires: addMonths(new Date(), 3), + expires, }); const [team, collection, view] = await Promise.all([ Team.findByPk(user.teamId), diff --git a/server/routes/mcp/index.test.ts b/server/routes/mcp/index.test.ts index d62f9b0a63..4cdcd8231c 100644 --- a/server/routes/mcp/index.test.ts +++ b/server/routes/mcp/index.test.ts @@ -34,7 +34,7 @@ describe("POST /mcp/", () => { const { body } = mcpRequest("tools/list"); const res = await server.post("/mcp/", { headers: { - Authorization: `Bearer ${user.getJwtToken()}`, + Authorization: `Bearer ${user.getSessionToken()}`, Accept: "application/json, text/event-stream", }, body, diff --git a/server/test/TestServer.ts b/server/test/TestServer.ts index 68072b77d7..aa7a7a639e 100644 --- a/server/test/TestServer.ts +++ b/server/test/TestServer.ts @@ -11,6 +11,34 @@ type TestRequestOptions = Omit & { headers?: Record; }; +interface Authable { + getSessionToken(): string; +} + +const tokenCache = new WeakMap(); + +function getCachedSessionToken(user: Authable): string { + let token = tokenCache.get(user); + if (!token) { + token = user.getSessionToken(); + tokenCache.set(user, token); + } + return token; +} + +function normalizeArgs( + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions +): { user?: Authable; opts: TestRequestOptions } { + if ( + userOrOpts && + typeof (userOrOpts as Authable).getSessionToken === "function" + ) { + return { user: userOrOpts as Authable, opts: maybeOpts ?? {} }; + } + return { opts: (userOrOpts as TestRequestOptions) ?? {} }; +} + class TestServer { private server: http.Server; private listener?: Promise | null; @@ -36,10 +64,24 @@ class TestServer { return this.listener; } - fetch(path: string, opts: TestRequestOptions) { + fetch(path: string, opts?: TestRequestOptions): ReturnType; + fetch( + path: string, + user: Authable, + opts?: TestRequestOptions + ): ReturnType; + fetch( + path: string, + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions + ) { + const { user, opts } = normalizeArgs(userOrOpts, maybeOpts); return this.listen().then(() => { const url = `${this.address}${path}`; const headers: Record = { ...opts.headers }; + if (user && !headers.Authorization && !headers.authorization) { + headers.Authorization = `Bearer ${getCachedSessionToken(user)}`; + } let body = opts.body; const contentType = headers["Content-Type"] ?? headers["content-type"]; // automatic JSON encoding @@ -62,32 +104,126 @@ class TestServer { this.server.close(); } - delete(path: string, options?: TestRequestOptions) { - return this.fetch(path, { ...options, method: "DELETE" }); + delete(path: string, opts?: TestRequestOptions): ReturnType; + delete( + path: string, + user: Authable, + opts?: TestRequestOptions + ): ReturnType; + delete( + path: string, + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions + ) { + const { user, opts } = normalizeArgs(userOrOpts, maybeOpts); + return user + ? this.fetch(path, user, { ...opts, method: "DELETE" }) + : this.fetch(path, { ...opts, method: "DELETE" }); } - get(path: string, options?: TestRequestOptions) { - return this.fetch(path, { ...options, method: "GET" }); + get(path: string, opts?: TestRequestOptions): ReturnType; + get( + path: string, + user: Authable, + opts?: TestRequestOptions + ): ReturnType; + get( + path: string, + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions + ) { + const { user, opts } = normalizeArgs(userOrOpts, maybeOpts); + return user + ? this.fetch(path, user, { ...opts, method: "GET" }) + : this.fetch(path, { ...opts, method: "GET" }); } - head(path: string, options?: TestRequestOptions) { - return this.fetch(path, { ...options, method: "HEAD" }); + head(path: string, opts?: TestRequestOptions): ReturnType; + head( + path: string, + user: Authable, + opts?: TestRequestOptions + ): ReturnType; + head( + path: string, + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions + ) { + const { user, opts } = normalizeArgs(userOrOpts, maybeOpts); + return user + ? this.fetch(path, user, { ...opts, method: "HEAD" }) + : this.fetch(path, { ...opts, method: "HEAD" }); } - options(path: string, options?: TestRequestOptions) { - return this.fetch(path, { ...options, method: "OPTIONS" }); + options( + path: string, + opts?: TestRequestOptions + ): ReturnType; + options( + path: string, + user: Authable, + opts?: TestRequestOptions + ): ReturnType; + options( + path: string, + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions + ) { + const { user, opts } = normalizeArgs(userOrOpts, maybeOpts); + return user + ? this.fetch(path, user, { ...opts, method: "OPTIONS" }) + : this.fetch(path, { ...opts, method: "OPTIONS" }); } - patch(path: string, options?: TestRequestOptions) { - return this.fetch(path, { ...options, method: "PATCH" }); + patch(path: string, opts?: TestRequestOptions): ReturnType; + patch( + path: string, + user: Authable, + opts?: TestRequestOptions + ): ReturnType; + patch( + path: string, + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions + ) { + const { user, opts } = normalizeArgs(userOrOpts, maybeOpts); + return user + ? this.fetch(path, user, { ...opts, method: "PATCH" }) + : this.fetch(path, { ...opts, method: "PATCH" }); } - post(path: string, options?: TestRequestOptions) { - return this.fetch(path, { ...options, method: "POST" }); + post(path: string, opts?: TestRequestOptions): ReturnType; + post( + path: string, + user: Authable, + opts?: TestRequestOptions + ): ReturnType; + post( + path: string, + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions + ) { + const { user, opts } = normalizeArgs(userOrOpts, maybeOpts); + return user + ? this.fetch(path, user, { ...opts, method: "POST" }) + : this.fetch(path, { ...opts, method: "POST" }); } - put(path: string, options?: TestRequestOptions) { - return this.fetch(path, { ...options, method: "PUT" }); + put(path: string, opts?: TestRequestOptions): ReturnType; + put( + path: string, + user: Authable, + opts?: TestRequestOptions + ): ReturnType; + put( + path: string, + userOrOpts?: Authable | TestRequestOptions, + maybeOpts?: TestRequestOptions + ) { + const { user, opts } = normalizeArgs(userOrOpts, maybeOpts); + return user + ? this.fetch(path, user, { ...opts, method: "PUT" }) + : this.fetch(path, { ...opts, method: "PUT" }); } } diff --git a/server/test/support.ts b/server/test/support.ts index 747e86538e..bb0e4bb814 100644 --- a/server/test/support.ts +++ b/server/test/support.ts @@ -64,7 +64,7 @@ export function withAPIContext( auth: { user, type: AuthenticationType.APP, - token: user.getJwtToken(), + token: user.getSessionToken(), }, transaction, }; diff --git a/server/utils/authentication.ts b/server/utils/authentication.ts index 2ee94e0709..4c86f007d3 100644 --- a/server/utils/authentication.ts +++ b/server/utils/authentication.ts @@ -134,7 +134,7 @@ export async function signIn( ); } } else { - ctx.cookies.set("accessToken", user.getJwtToken(expires, service), { + ctx.cookies.set("accessToken", user.getSessionToken(expires, service), { sameSite: "lax", expires, });