From 5e58efb07f9e5b0330926a9c3e9315305755181c Mon Sep 17 00:00:00 2001 From: Michael C Date: Wed, 7 Jul 2021 17:36:52 -0400 Subject: [PATCH 1/5] early 400 on skipSegments --- src/routes/getSkipSegments.ts | 4 ++++ src/routes/getSkipSegmentsByHash.ts | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/routes/getSkipSegments.ts b/src/routes/getSkipSegments.ts index af322ad..08618e5 100644 --- a/src/routes/getSkipSegments.ts +++ b/src/routes/getSkipSegments.ts @@ -275,6 +275,10 @@ async function chooseSegments(segments: DBSegment[], max: number): Promise { const videoID = req.query.videoID as VideoID; + if (!videoID) { + res.status(400).send("videoID not specified"); + return false; + } // Default to sponsor // If using params instead of JSON, only one category can be pulled const categories: Category[] = req.query.categories diff --git a/src/routes/getSkipSegmentsByHash.ts b/src/routes/getSkipSegmentsByHash.ts index eb2c99c..1518f09 100644 --- a/src/routes/getSkipSegmentsByHash.ts +++ b/src/routes/getSkipSegmentsByHash.ts @@ -5,7 +5,7 @@ import { ActionType, Category, SegmentUUID, Service, VideoIDHash } from '../type export async function getSkipSegmentsByHash(req: Request, res: Response): Promise { let hashPrefix = req.params.prefix as VideoIDHash; - if (!hashPrefixTester(req.params.prefix)) { + if (!req.params.prefix || !hashPrefixTester(req.params.prefix)) { return res.status(400).send("Hash prefix does not match format requirements."); // Exit early on faulty prefix } hashPrefix = hashPrefix.toLowerCase() as VideoIDHash; From 9088d9fb9e0c6413ec026aeb66441f2b8aba083c Mon Sep 17 00:00:00 2001 From: Michael C Date: Wed, 7 Jul 2021 17:37:40 -0400 Subject: [PATCH 2/5] additional tests --- test/cases/getLockCategoriesByHash.ts | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/test/cases/getLockCategoriesByHash.ts b/test/cases/getLockCategoriesByHash.ts index 585c08e..d31f7cf 100644 --- a/test/cases/getLockCategoriesByHash.ts +++ b/test/cases/getLockCategoriesByHash.ts @@ -173,4 +173,22 @@ describe('getLockCategoriesByHash', () => { }) .catch(() => ("couldn't call endpoint")); }); + + it('should return 400 if hash too short', (done: Done) => { + fetch(getbaseURL() + '/api/lockCategories/00') + .then(res => { + assert.strictEqual(res.status, 400); + done(); + }) + .catch(err => done(err)); + }); + + it('should return 400 if no hash specified', (done: Done) => { + fetch(getbaseURL() + '/api/lockCategories/') + .then(res => { + assert.strictEqual(res.status, 400); + done(); + }) + .catch(err => done(err)); + }); }); From 596dbf4ac8c9622b52db0c66167c6df9f029c816 Mon Sep 17 00:00:00 2001 From: Michael C Date: Wed, 7 Jul 2021 17:39:16 -0400 Subject: [PATCH 3/5] 404 tests --- test/cases/getSkipSegments.ts | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test/cases/getSkipSegments.ts b/test/cases/getSkipSegments.ts index 06e64f2..979d33b 100644 --- a/test/cases/getSkipSegments.ts +++ b/test/cases/getSkipSegments.ts @@ -397,4 +397,13 @@ describe('getSkipSegments', () => { }) .catch(() => done("Couldn't call endpoint")); }); + + it('Should get 400 if no videoID passed in', (done: Done) => { + fetch(getbaseURL() + '/api/skipSegments') + .then(async res => { + assert.strictEqual(res.status, 400); + done(); + }) + .catch(err => done(err)); + }); }); From e8d0da3ce3cbf484e6948ac4c80fc05d589db16d Mon Sep 17 00:00:00 2001 From: Michael C Date: Sat, 10 Jul 2021 16:30:30 -0400 Subject: [PATCH 4/5] add 400 conditions --- src/routes/postWarning.ts | 2 ++ test/cases/getLockCategoriesByHash.ts | 2 +- test/cases/getSkipSegments.ts | 1 + test/cases/getSkipSegmentsByHash.ts | 4 ++-- test/cases/getUserID.ts | 10 ++++++++++ test/cases/postPurgeAllSegments.ts | 15 +++++++++++++++ test/cases/postWarning.ts | 16 ++++++++++++++++ 7 files changed, 47 insertions(+), 3 deletions(-) diff --git a/src/routes/postWarning.ts b/src/routes/postWarning.ts index 015a9f8..583fbe2 100644 --- a/src/routes/postWarning.ts +++ b/src/routes/postWarning.ts @@ -6,6 +6,8 @@ import {getHash} from '../utils/getHash'; import { HashedUserID, UserID } from '../types/user.model'; export async function postWarning(req: Request, res: Response): Promise { + // exit early if no body passed in + if (!req.body.userID && !req.body.issuerUserID) return res.status(400).json({"message": "Missing parameters"}); // Collect user input data const issuerUserID: HashedUserID = getHash( req.body.issuerUserID); const userID: UserID = req.body.userID; diff --git a/test/cases/getLockCategoriesByHash.ts b/test/cases/getLockCategoriesByHash.ts index d31f7cf..0701210 100644 --- a/test/cases/getLockCategoriesByHash.ts +++ b/test/cases/getLockCategoriesByHash.ts @@ -2,7 +2,7 @@ import fetch from 'node-fetch'; import {Done, getbaseURL} from '../utils'; import {getHash} from '../../src/utils/getHash'; import {db} from '../../src/databases/databases'; - +import assert from 'assert'; describe('getLockCategoriesByHash', () => { before(async () => { diff --git a/test/cases/getSkipSegments.ts b/test/cases/getSkipSegments.ts index 979d33b..57ec9d7 100644 --- a/test/cases/getSkipSegments.ts +++ b/test/cases/getSkipSegments.ts @@ -2,6 +2,7 @@ import fetch from 'node-fetch'; import {db} from '../../src/databases/databases'; import {Done, getbaseURL} from '../utils'; import {getHash} from '../../src/utils/getHash'; +import assert from 'assert'; describe('getSkipSegments', () => { before(async () => { diff --git a/test/cases/getSkipSegmentsByHash.ts b/test/cases/getSkipSegmentsByHash.ts index d1da36e..d37eabb 100644 --- a/test/cases/getSkipSegmentsByHash.ts +++ b/test/cases/getSkipSegmentsByHash.ts @@ -108,10 +108,10 @@ describe('getSegmentsByHash', () => { .catch(() => done("Couldn't call endpoint")); }); - it('Should return 404 for no hash', (done: Done) => { + it('Should return 400 for no hash', (done: Done) => { fetch(getbaseURL() + '/api/skipSegments/?categories=["shilling"]') .then(res => { - if (res.status !== 404) done("expected 404, got " + res.status); + if (res.status !== 400) done("expected 400, got " + res.status); else done(); // pass }) .catch(() => done("Couldn't call endpoint")); diff --git a/test/cases/getUserID.ts b/test/cases/getUserID.ts index e0c7c5a..528804f 100644 --- a/test/cases/getUserID.ts +++ b/test/cases/getUserID.ts @@ -2,6 +2,7 @@ import fetch from 'node-fetch'; import {Done, getbaseURL} from '../utils'; import {db} from '../../src/databases/databases'; import {getHash} from '../../src/utils/getHash'; +import assert from 'assert'; describe('getUserID', () => { before(async () => { @@ -398,4 +399,13 @@ describe('getUserID', () => { }) .catch(() => ("couldn't call endpoint")); }); + + it('should return 400 if no username parameter specified', (done: Done) => { + fetch(getbaseURL() + '/api/userID') + .then(res => { + assert.strictEqual(res.status, 400); + done(); + }) + .catch(() => ("couldn't call endpoint")); + }); }); diff --git a/test/cases/postPurgeAllSegments.ts b/test/cases/postPurgeAllSegments.ts index a907ddc..0fd337a 100644 --- a/test/cases/postPurgeAllSegments.ts +++ b/test/cases/postPurgeAllSegments.ts @@ -3,6 +3,7 @@ import {Done, getbaseURL} from '../utils'; import {db} from '../../src/databases/databases'; import {getHash} from '../../src/utils/getHash'; import {IDatabase} from '../../src/databases/IDatabase'; +import assert from 'assert'; async function dbSponsorTimesAdd(db: IDatabase, videoID: string, startTime: number, endTime: number, UUID: string, category: string) { const votes = 0, @@ -79,4 +80,18 @@ describe('postPurgeAllSegments', function () { }) .catch(err => done(err)); }); + + it('Should return 400 if missing body', function (done: Done) { + fetch(`${baseURL}${route}`, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + } + }) + .then(async res => { + assert.strictEqual(res.status, 400); + done(); + }) + .catch(err => done(err)); + }); }); diff --git a/test/cases/postWarning.ts b/test/cases/postWarning.ts index 8231148..f352165 100644 --- a/test/cases/postWarning.ts +++ b/test/cases/postWarning.ts @@ -2,6 +2,7 @@ import fetch from 'node-fetch'; import {Done, getbaseURL} from '../utils'; import {db} from '../../src/databases/databases'; import {getHash} from '../../src/utils/getHash'; +import assert from 'assert'; describe('postWarning', () => { before(async () => { @@ -127,4 +128,19 @@ describe('postWarning', () => { }) .catch(err => done(err)); }); + + it('Should return 400 if missing body', (done: Done) => { + fetch(getbaseURL() + + "/api/warnUser", { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + } + }) + .then(async res => { + assert.strictEqual(res.status, 400); + done(); + }) + .catch(err => done(err)); + }); }); From a8f7080bf287429f4cb51a225317c2db158d875b Mon Sep 17 00:00:00 2001 From: Michael C Date: Mon, 12 Jul 2021 00:32:51 -0400 Subject: [PATCH 5/5] fix typo in tests --- test/cases/getSkipSegmentsByHash.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/cases/getSkipSegmentsByHash.ts b/test/cases/getSkipSegmentsByHash.ts index 33813fc..a32c208 100644 --- a/test/cases/getSkipSegmentsByHash.ts +++ b/test/cases/getSkipSegmentsByHash.ts @@ -11,7 +11,7 @@ const mockManager = ImportMock.mockStaticClass(YouTubeAPIModule, 'YouTubeAPI'); const sinonStub = mockManager.mock('listVideos'); sinonStub.callsFake(YouTubeApiMock.listVideos); -describe('getSegmentsByHash', () => { +describe('getSkipSegmentsByHash', () => { before(async () => { const query = 'INSERT INTO "sponsorTimes" ("videoID", "startTime", "endTime", "votes", "UUID", "userID", "timeSubmitted", views, category, "actionType", "service", "hidden", "shadowHidden", "hashedVideoID") VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'; await db.prepare("run", query, ['getSegmentsByHash-0', 1, 10, 2, 'getSegmentsByHash-0-0', 'testman', 0, 50, 'sponsor', 'skip', 'YouTube', 0, 0, 'fdaff4dee1043451faa7398324fb63d8618ebcd11bddfe0491c488db12c6c910']); @@ -109,7 +109,7 @@ describe('getSegmentsByHash', () => { it('Should return 400 for no hash', (done: Done) => { fetch(getbaseURL() + '/api/skipSegments/?categories=["shilling"]') .then(res => { - assert.strictEqual(res.status, 404); + assert.strictEqual(res.status, 400); done(); }) .catch(err => done(err));