From aacd297b3b27621032e811a3448e138ccd58eb36 Mon Sep 17 00:00:00 2001
From: FlorianZahn <anderes.zeug@outlook.com>
Date: Sat, 2 Oct 2021 05:04:18 +0200
Subject: [PATCH] Fixed bugs where normal users could cirumvent vip locks by
 changing categories

---
 src/routes/voteOnSponsorTime.ts |  4 ++--
 test/cases/voteOnSponsorTime.ts | 35 +++------------------------------
 2 files changed, 5 insertions(+), 34 deletions(-)

diff --git a/src/routes/voteOnSponsorTime.ts b/src/routes/voteOnSponsorTime.ts
index 2c1f1f2..10c4221 100644
--- a/src/routes/voteOnSponsorTime.ts
+++ b/src/routes/voteOnSponsorTime.ts
@@ -180,14 +180,14 @@ async function categoryVote(UUID: SegmentUUID, userID: UserID, isVIP: boolean, i
     const nextCategoryLocked = await db.prepare("get", `SELECT "videoID", "category" FROM "lockCategories" WHERE "videoID" = ? AND "category" = ?`, [videoInfo.videoID, category]);
     if (nextCategoryLocked) {
         if (!isVIP) {
-            return res.status(200);
+            return res.sendStatus(200);
         } // In an else statement, add a warning in the future for VIPs, that the next category is locked
     }
 
     // Ignore vote if the segment is locked
     if (!isVIP && videoInfo.locked === 1) {
         console.log("dalfäkjsdöfbsdfoöjasdökjb");
-        return res.status(200);
+        return res.sendStatus(200);
     }
 
     const nextCategoryInfo = await db.prepare("get", `select votes from "categoryVotes" where "UUID" = ? and category = ?`, [UUID, category]);
diff --git a/test/cases/voteOnSponsorTime.ts b/test/cases/voteOnSponsorTime.ts
index d6a3a77..14751db 100644
--- a/test/cases/voteOnSponsorTime.ts
+++ b/test/cases/voteOnSponsorTime.ts
@@ -33,7 +33,7 @@ describe("voteOnSponsorTime", () => {
         await db.prepare("run", insertSponsorTimeQuery, ["vote-testtesttest,test", 1, 11, 100, 0, "vote-uuid-3", "testman", 0, 50, "sponsor", 0, 0]);
         await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 1, 11, 2, 0, "vote-uuid-4", "testman", 0, 50, "sponsor", 0, 0]);
         await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 7, 22, -3, 0, "vote-uuid-5", "testman", 0, 50, "intro", 0, 0]);
-        await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 7, 22, -3, 0, "vote-uuid-5_1", "testman", 0, 50, "intro", 0, 0]);
+        //await db.prepare("run", insertSponsorTimeQuery, ["vote-test3", 7, 22, -3, 0, "vote-uuid-5_1", getHash("testman"), 0, 50, "intro", 0, 0]);
         await db.prepare("run", insertSponsorTimeQuery, ["vote-multiple", 1, 11, 2, 0, "vote-uuid-6", "testman", 0, 50, "intro", 0, 0]);
         await db.prepare("run", insertSponsorTimeQuery, ["vote-multiple", 20, 33, 2, 0, "vote-uuid-7", "testman", 0, 50, "intro", 0, 0]);
         await db.prepare("run", insertSponsorTimeQuery, ["voter-submitter", 1, 11, 2, 0, "vote-uuid-8", getHash("randomID"), 0, 50, "sponsor", 0, 0]);
@@ -292,33 +292,6 @@ describe("voteOnSponsorTime", () => {
         });
     });
 
-    /*
-    it("VIP should be able to vote for a category and it should immediately change", (done) => {
-        const UUID = "vote-uuid-5";
-        postVoteCategory(vipUser, UUID, "outro")
-            .then(async res => {
-                assert.strictEqual(res.status, 200);
-                const row = await getSegmentCategory(UUID);
-                const row2 = await db.prepare("get", `SELECT votes FROM "categoryVotes" WHERE "UUID" = ? and category = ?`, [UUID, "outro"]);
-                assert.strictEqual(row.category, "outro");
-                assert.strictEqual(row2.votes, 500);
-                done();
-            })
-            .catch(err => done(err));
-    });
-// old test
-    it("Submitter should be able to vote for a category and it should immediately change", (done) => {
-        const UUID = "vote-uuid-5_1";
-        postVoteCategory("testman", UUID, "outro")
-            .then(async res => {
-                assert.strictEqual(res.status, 200);
-                const row = await getSegmentCategory("vote-uuid-5");
-                assert.strictEqual(row.category, "outro");
-                done();
-            })
-            .catch(err => done(err));
-    });*/
-
     it("Submitter should be able to vote for a category and it should immediately change (segment unlocked, nextCatgeory unlocked, notVip)", (done) => {
         const userID = categoryChangeUser;
         const UUID = "category-change-uuid-1";
@@ -327,7 +300,7 @@ describe("voteOnSponsorTime", () => {
             .then(async res => {
                 assert.strictEqual(res.status, 200);
                 const row = await getSegmentCategory(UUID);
-                console.log(row.category)
+                console.log(row.category);
                 assert.strictEqual(row.category, category); 
                 done();
             })
@@ -342,7 +315,7 @@ describe("voteOnSponsorTime", () => {
             .then(async res => {
                 assert.strictEqual(res.status, 200);
                 const row = await getSegmentCategory(UUID);
-                console.log(row.category)
+                console.log(row.category);
                 assert.strictEqual(row.category, "intro");
                 done();
             })
@@ -357,7 +330,6 @@ describe("voteOnSponsorTime", () => {
             .then(async res => {
                 assert.strictEqual(res.status, 200);
                 const row = await getSegmentCategory(UUID);
-                console.log(row.category)
                 assert.strictEqual(row.category, "intro");
                 done();
             })
@@ -372,7 +344,6 @@ describe("voteOnSponsorTime", () => {
             .then(async res => {
                 assert.strictEqual(res.status, 200);
                 const row = await getSegmentCategory(UUID);
-                console.log(row.category)
                 assert.strictEqual(row.category, "intro");
                 done();
             })