From 4bfa5e7de8f6b80c3206995ed887eca43d9ec3fc Mon Sep 17 00:00:00 2001
From: Ajay Ramachandran
Date: Sun, 26 Jul 2020 11:13:36 -0400
Subject: [PATCH] Banned users can't vote

---
 src/routes/voteOnSponsorTime.js | 1 +
 test/cases/voteOnSponsorTime.js | 29 +++++++++++++++++++++++++----
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/src/routes/voteOnSponsorTime.js b/src/routes/voteOnSponsorTime.js
index 0b75b49..f664d40 100644
--- a/src/routes/voteOnSponsorTime.js
+++ b/src/routes/voteOnSponsorTime.js
@@ -249,6 +249,7 @@ async function voteOnSponsorTime(req, res) {
 // Only change the database if they have made a submission before and haven't voted recently
 let ableToVote = isVIP
 || (db.prepare("get", "SELECT userID FROM sponsorTimes WHERE userID = ?", [nonAnonUserID]) !== undefined
+ && privateDB.prepare("get", "SELECT userID FROM shadowBannedUsers WHERE userID = ?", [nonAnonUserID]) === undefined
 && privateDB.prepare("get", "SELECT UUID FROM votes WHERE UUID = ? AND hashedIP = ? AND userID != ?", [UUID, hashedIP, userID]) === undefined);
 
 if (ableToVote) {
diff --git a/test/cases/voteOnSponsorTime.js b/test/cases/voteOnSponsorTime.js
index c1776f6..1ce4b7c 100644
--- a/test/cases/voteOnSponsorTime.js
+++ b/test/cases/voteOnSponsorTime.js
@@ -1,7 +1,7 @@
-var request = require('request');
-var db = require('../../src/databases/databases.js').db;
-var utils = require('../utils.js');
-var getHash = require('../../src/utils/getHash.js')
+const request = require('request');
+const { db, privateDB } = require('../../src/databases/databases.js');
+const utils = require('../utils.js');
+const getHash = require('../../src/utils/getHash.js');
 
 describe('voteOnSponsorTime', () => {
 before(() => {
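Review bot: In src/routes/voteOnSponsorTime.js the comment above `ableToVote` still lists only "made a submission before and haven't voted recently", so the added `shadowBannedUsers` condition is undocumented; I would change it to `// Only change the database if they have submitted before, are not shadow banned, and haven't voted recently`. The new lookup sits inside the parenthesised branch of `isVIP || (...)`, so a user who is both VIP and listed in `shadowBannedUsers` would still be able to vote; if that precedence is intended, the same comment should say so. voteOnSponsorTime starts and ends outside this hunk, so how an ignored vote is answered to the caller is not visible here.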
@@ -9,6 +9,7 @@ describe('voteOnSponsorTime', () => {
 db.exec(startOfQuery + "('vote-testtesttest', 1, 11, 2, 'vote-uuid-0', 'testman', 0, 50, 'sponsor', 0)");
 db.exec(startOfQuery + "('vote-testtesttest2', 1, 11, 2, 'vote-uuid-1', 'testman', 0, 50, 'sponsor', 0)");
 db.exec(startOfQuery + "('vote-testtesttest2', 1, 11, 10, 'vote-uuid-1.5', 'testman', 0, 50, 'outro', 0)");
+ db.exec(startOfQuery + "('vote-testtesttest2', 1, 11, 10, 'vote-uuid-1.6', 'testman', 0, 50, 'interaction', 0)");
 db.exec(startOfQuery + "('vote-testtesttest3', 20, 33, 10, 'vote-uuid-2', 'testman', 0, 50, 'intro', 0)");
 db.exec(startOfQuery + "('vote-testtesttest,test', 1, 11, 100, 'vote-uuid-3', 'testman', 0, 50, 'sponsor', 0)");
 db.exec(startOfQuery + "('vote-test3', 1, 11, 2, 'vote-uuid-4', 'testman', 0, 50, 'sponsor', 0)");
@@ -18,8 +19,10 @@ describe('voteOnSponsorTime', () => {
 db.exec(startOfQuery + "('voter-submitter', 1, 11, 2, 'vote-uuid-8', '" + getHash("randomID") + "', 0, 50, 'sponsor', 0)");
 db.exec(startOfQuery + "('voter-submitter2', 1, 11, 2, 'vote-uuid-9', '" + getHash("randomID2") + "', 0, 50, 'sponsor', 0)");
 db.exec(startOfQuery + "('voter-submitter2', 1, 11, 2, 'vote-uuid-10', '" + getHash("randomID3") + "', 0, 50, 'sponsor', 0)");
+ db.exec(startOfQuery + "('voter-submitter2', 1, 11, 2, 'vote-uuid-11', '" + getHash("randomID4") + "', 0, 50, 'sponsor', 0)");
 
 db.exec("INSERT INTO vipUsers (userID) VALUES ('" + getHash("VIPUser") + "')");
+ privateDB.exec("INSERT INTO shadowBannedUsers (userID) VALUES ('" + getHash("randomID4") + "')");
 });
 
 it('Should be able to upvote a segment', (done) => {
@@ -76,6 +79,24 @@ describe('voteOnSponsorTime', () => {
 });
 });
 
+ it("Should not be able to downvote a segment if the user is shadow banned", (done) => {
+ request.get(utils.getbaseURL()
+ + "/api/voteOnSponsorTime?userID=randomID4&UUID=vote-uuid-1.6&type=0", null,
+ (err, res, body) => {
+ if (err) done(err);
+ else if (res.statusCode === 200) {
+ let row = db.prepare('get', "SELECT votes FROM sponsorTimes WHERE UUID = ?", ["vote-uuid-1.6"]);
+ if (row.votes === 10) {
+ done()
+ } else {
+ done("Vote did not fail. Submission went from 10 votes to " + row.votes);
+ }
+ } else {
+ done("Status code was " + res.statusCode);
+ }
+ });
+ });
+
 it("Should not be able to upvote a segment if the user hasn't submitted yet", (done) => {
 request.get(utils.getbaseURL()
 + "/api/voteOnSponsorTime?userID=hasNotSubmittedID&UUID=vote-uuid-1&type=1", null,
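Review bot: The new test exercises only `type=0` for the shadow-banned user `randomID4`, so nothing pins that an upvote (`type=1`) from the same user is also ignored; a mirrored case asserting that `row.votes` is still 10 would cover it. The 200 branch is treated as the expected outcome, presumably because the ban is meant to be invisible to the caller, and that deserves a one-line comment such as `// shadow-banned voters still receive 200; only the stored vote count must stay unchanged`. If the lookup returns no row, `row.votes` throws inside the callback instead of failing through `done`, so a guard like `if (!row) return done("segment row missing");` would make the failure readable. On style, `let row` can be `const row`, and `done()` lacks the semicolon this commit adds elsewhere.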