coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix: Two API endpoints where requesting a permenantly deleted document results in server error

Browse Source
This commit is contained in:
Tom Moor
2020-09-08 07:29:06 -07:00
parent b1648ac2aa
commit f264d67862
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
server/api/documents.js
View File

@ -2,7 +2,7 @@
import Router from "koa-router"; import Router from "koa-router";
import Sequelize from "sequelize"; import Sequelize from "sequelize";
import documentMover from "../commands/documentMover"; import documentMover from "../commands/documentMover";
import { InvalidRequestError } from "../errors"; import { NotFoundError, InvalidRequestError } from "../errors";
import auth from "../middlewares/authentication"; import auth from "../middlewares/authentication";
import { import {
Backlink, Backlink,
@ -411,6 +411,10 @@ async function loadDocument({ id, shareId, user }) {
userId: user ? user.id : undefined, userId: user ? user.id : undefined,
paranoid: false, paranoid: false,
}); });
if (!document) {
throw new NotFoundError();
}
if (document.deletedAt) { if (document.deletedAt) {
authorize(user, "restore", document); authorize(user, "restore", document);
} else { } else {
@ -456,6 +460,9 @@ router.post("documents.restore", auth(), async (ctx) => {
userId: user.id, userId: user.id,
paranoid: false, paranoid: false,
}); });
if (!document) {
throw new NotFoundError();
}
if (collectionId) { if (collectionId) {
ctx.assertUuid(collectionId, "collectionId must be a uuid"); ctx.assertUuid(collectionId, "collectionId must be a uuid");

18
server/api/documents.test.js
View File

@ -185,6 +185,15 @@ describe("#documents.info", () => {
expect(body.data.id).toEqual(document.id); expect(body.data.id).toEqual(document.id);
}); });
it("should not error if document doesn't exist", async () => {
const user = await buildUser();
const res = await server.post("/api/documents.info", {
body: { token: user.getJwtToken(), id: "test" },
});
expect(res.status).toEqual(404);
});
it("should require authorization without token", async () => { it("should require authorization without token", async () => {
const { document } = await seed(); const { document } = await seed();
const res = await server.post("/api/documents.info", { const res = await server.post("/api/documents.info", {
@ -1309,6 +1318,15 @@ describe("#documents.restore", () => {
expect(res.status).toEqual(403); expect(res.status).toEqual(403);
}); });
it("should not error if document doesn't exist", async () => {
const user = await buildUser();
const res = await server.post("/api/documents.restore", {
body: { token: user.getJwtToken(), id: "test" },
});
expect(res.status).toEqual(404);
});
it("should require authentication", async () => { it("should require authentication", async () => {
const res = await server.post("/api/documents.restore"); const res = await server.post("/api/documents.restore");
const body = await res.json(); const body = await res.json();