fix tests, some small improvements, update deps, bump version

nuest · nuest · commit 444f900a2737 · 2020-03-20T10:40:16.000+01:00
diff --git a/.travis.yml b/.travis.yml
@@ -2,20 +2,20 @@
 sudo: required
 language: node_js
 node_js:
-  - "8"
+  - "12"
 services:
   - docker
 before_install:
   - docker pull mongo:3.4
 install:
   - npm install
 before_script:
-  - docker run --name mongodb -d -p 27017:27017 mongo:3.4
+  - docker run --name mongodb -d mongo:3.4
   - docker build --tag bouncer .
   - docker run --name testbouncer -d -p 8083:8083 --link mongodb:mongodb -e OAUTH_STARTUP_TEST=false -e BOUNCER_MONGODB=mongodb://mongodb:27017 -e DEBUG=* bouncer
-  - sleep 5
+  - sleep 3
 script:
   - DEBUG=* npm test
 after_failure:
-  - sleep 5
+  - sleep 3
   - docker logs testbouncer
diff --git a/config/config.js b/config/config.js
@@ -72,7 +72,6 @@ c.user.level = {};
 c.user.level.admin = 1000;
 c.user.level.editor = 500;
 c.user.level.known = 100;
-c.user.level.userEdit = c.user.level.editor;
 c.user.level.default = parseInt(env.BOUNCER_DEFAULT_USER_LEVEL) || c.user.level.known;
 
 // Slack
diff --git a/lib/slack.js b/lib/slack.js
@@ -170,7 +170,7 @@ exports.incomingAction = (req, res) => {
   debug('[action] %o', payload);
 
   // immediately acknowledge, use response URL for updates
-  res.status(200).send();
+  res.sendStatus(200);
 
   if (payload.token !== config.slack.verification_token) {
     debug('[action] Incorrect verification token, not processing this incoming action further!');
diff --git a/lib/user.js b/lib/user.js
@@ -36,8 +36,7 @@ exports.viewSingle = (req, res) => {
 
       // show level and lastseen only to editor users and the user herself
       if (req.isAuthenticated()
-        && (req.user.level >= c.user.level.userEdit
-          || user.orcid === id)) {
+        && (req.user.level >= c.user.level || user.orcid === id)) {
         answer.level = user.level;
         answer.lastseen = user.lastseenAt;
       }
@@ -80,26 +79,25 @@ exports.view = (req, res) => {
 
 exports.patchLevel = (req, res) => {
   var id = req.params.id;
+  var newLevel = parseInt(req.query.level, 10);
+  
+  if (isNaN(newLevel)) {
+    res.status(400).send('{"error":"parameter \'level\' could not be parsed as an integer"}');
+    return;
+  }
 
   // check user level
   if (!req.isAuthenticated()) {
     res.status(401).send('{"error":"user is not authenticated"}');
     return;
   }
-  if (req.user.level < c.user.level.userEdit) {
-    res.status(401).send('{"error":"user level does not allow edit"}');
+  if (req.user.level < newLevel) {
+    res.status(403).send('{"error":"user level does not allow edit"}');
     return;
   }
 
   debug('User %s should be patched with %o by user %s (%s)', id, req.query, req.user.name, req.user.orcid);
 
-  var newLevel = parseInt(req.query.level, 10);
-
-  if (isNaN(newLevel)) {
-    res.status(400).send('{"error":"parameter \'level\' could not be parsed as an integer"}');
-    return;
-  }
-
   let update = { level: newLevel };
   User.findOneAndUpdate({ orcid: id }, update, { new: true, upsert: false }, function (err, user) {
     if (err) {
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "bouncer",
-  "version": "0.14.0",
+  "version": "0.15.0",
   "description": "Node.js implementation of authentication features of the [o2r web api](http://o2r.info/o2r-web-api).",
   "main": "index.js",
   "scripts": {
diff --git a/test/pagination.js b/test/pagination.js
@@ -31,7 +31,7 @@ const cookie_editor = 's:xWHihqZq6jEAObwbfowO5IwdnBxohM7z.VxqsRC5A1VqJVspChcxVPu
 describe('User list pagination', () => {
     describe('illegal pagination parameters', () => {
         
-        it('should response with HTTP 400 and valid JSON error when start is too small', (done) => {
+        it('should respond with HTTP 400 and valid JSON error when start is too small', (done) => {
             request(global.test_host + '/api/v1/user?start=-1', (err, res, body) => {
                 assert.ifError(err);
                 assert.equal(res.statusCode, 400);
@@ -45,7 +45,7 @@ describe('User list pagination', () => {
             });
         });
         
-        it('should response with HTTP 400 and valid JSON error when start is text', (done) => {
+        it('should respond with HTTP 400 and valid JSON error when start is text', (done) => {
             request(global.test_host + '/api/v1/user?start=start', (err, res, body) => {
                 assert.ifError(err);
                 assert.equal(res.statusCode, 400);
diff --git a/test/setup.js b/test/setup.js
@@ -17,7 +17,6 @@
 
 /* eslint-env mocha */
 const mongojs = require('mongojs');
-const sleep = require('sleep');
 
 // test parameters for local session authentication directly via fixed database entries
 var orcid_o2r = '0000-0001-6021-1617';
@@ -36,19 +35,11 @@ const config = require('../config/config');
 global.test_host = env.TEST_HOST || 'http://localhost:' + config.net.port;
 console.log('Testing endpoint at ' + global.test_host);
 
+var db = mongojs('localhost/muncher', ['users', 'sessions']);
+
 before(function (done) {
     this.timeout(10000);
 
-    var db = mongojs('localhost/muncher', ['users', 'sessions']);
-
-    db.sessions.drop(function (err, doc) {
-        //if (err) throw err;
-    });
-    db.users.drop(function (err, doc) {
-        //if (err) throw err;
-    });
-    sleep.sleep(1);
-
     var session_o2r = {
         '_id': sessionId_o2r,
         'session': {
@@ -65,9 +56,6 @@ before(function (done) {
             }
         }
     }
-    db.sessions.save(session_o2r, function (err, doc) {
-        if (err) throw err;
-    });
     var session_plain = {
         '_id': sessionId_plain,
         'session': {
@@ -84,9 +72,6 @@ before(function (done) {
             }
         }
     }
-    db.sessions.save(session_plain, function (err, doc) {
-        if (err) throw err;
-    });
     var session_uploader = {
         '_id': sessionId_uploader,
         'session': {
@@ -103,9 +88,6 @@ before(function (done) {
             }
         }
     }
-    db.sessions.save(session_uploader, function (err, doc) {
-        if (err) throw err;
-    });
     var session_admin = {
         '_id': sessionId_admin,
         'session': {
@@ -122,9 +104,6 @@ before(function (done) {
             }
         }
     }
-    db.sessions.save(session_admin, function (err, doc) {
-        if (err) throw err;
-    });
     var session_editor = {
         '_id': sessionId_editor,
         'session': {
@@ -141,63 +120,79 @@ before(function (done) {
             }
         }
     }
-    db.sessions.save(session_editor, function (err, doc) {
-        if (err) throw err;
-    });
 
     var o2ruser = {
         '_id': '57dc171b8760d15dc1864044',
         'orcid': orcid_o2r,
         'level': 100,
         'name': 'o2r-testuser'
     };
-    db.users.save(o2ruser, function (err, doc) {
-        if (err) throw err;
-    });
-
     var plainuser = {
         '_id': '57b55ee700aee212007ac27f',
         'orcid': orcid_plain,
         'lastseenAt': new Date(),
         'level': 0,
         'name': 'plain-testuser'
     };
-    db.users.save(plainuser, function (err, doc) {
-        if (err) throw err;
-    });
-
     var uploaderuser = {
         '_id': '58a2e0ea1d68491233b925e8',
         'orcid': orcid_uploader,
         'lastseenAt': new Date(),
         'level': 100,
         'name': 'uploader'
     };
-    db.users.save(uploaderuser, function (err, doc) {
-        if (err) throw err;
-    });
-
     var adminuser = {
         '_id': '5887181ebd95ff5ae8febb88',
         'orcid': orcid_admin,
         'level': 1000,
         'name': 'admin'
     };
-    db.users.save(adminuser, function (err, doc) {
-        if (err) throw err;
-    });
-
     var editoruser = {
         '_id': '598438375a2a970bbd4bf4fe',
         'orcid': orcid_editor,
         'level': 500,
         'name': 'editor'
     };
-    db.users.save(editoruser, function (err, doc) {
-        if (err) throw err;
+
+    db.sessions.drop(function (err, doc) {
+        db.users.drop(function (err, doc) {
+            db.sessions.save(session_o2r, function (err, doc) {
+                if (err) throw err;
+                db.sessions.save(session_plain, function (err, doc) {
+                    if (err) throw err;
+                    db.sessions.save(session_uploader, function (err, doc) {
+                        if (err) throw err;
+                        db.sessions.save(session_admin, function (err, doc) {
+                            if (err) throw err;
+                            db.sessions.save(session_editor, function (err, doc) {
+                                if (err) throw err;
+
+                                db.users.save(o2ruser, function (err, doc) {
+                                    if (err) throw err;
+                                    db.users.save(uploaderuser, function (err, doc) {
+                                        if (err) throw err;
+                                        db.users.save(plainuser, function (err, doc) {
+                                            if (err) throw err;
+                                            db.users.save(adminuser, function (err, doc) {
+                                                if (err) throw err;
+                                                db.users.save(editoruser, function (err, doc) {
+                                                    if (err) throw err;
+                                                    done();
+                                                });
+                                            });
+                                        });
+                                    });
+                                });
+                            });
+                        });
+                    });
+                });
+            });
+        });
     });
+});
 
-    sleep.sleep(1);
+after(function (done) {
     db.close();
     done();
-});
+});
diff --git a/test/user-level-change.js b/test/user-level-change.js
@@ -137,10 +137,10 @@ describe('Editing user levels', () => {
         let ck = request.cookie('connect.sid=' + cookie_plain);
         j.setCookie(ck, global.test_host);
 
-        it('should response with HTTP 401', (done) => {
+        it('should response with HTTP 403', (done) => {
             request({ url: user_url + '?level=' + 9999, jar: j, method: "PATCH" }, (err, res) => {
                 assert.ifError(err);
-                assert.equal(res.statusCode, 401);
+                assert.equal(res.statusCode, 403);
                 done();
             });
         });

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "bouncer",`
`3`		`- "version": "0.14.0",`
	`3`	`+ "version": "0.15.0",`
`4`	`4`	`"description": "Node.js implementation of authentication features of the [o2r web api](http://o2r.info/o2r-web-api).",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`