Fix HTML scaffolding of admin pages rendering without auth. Closes #2789
This commit is contained in:
parent
3c533a39f0
commit
f7d84bc15b
@ -32,7 +32,7 @@ func Start() error {
|
||||
http.HandleFunc("/", controllers.IndexHandler)
|
||||
|
||||
// The admin web app.
|
||||
http.HandleFunc("/admin", middleware.RequireAdminAuth(controllers.IndexHandler))
|
||||
http.HandleFunc("/admin/", middleware.RequireAdminAuth(controllers.IndexHandler))
|
||||
|
||||
// Images
|
||||
http.HandleFunc("/thumbnail.jpg", controllers.GetThumbnail)
|
||||
|
51
test/automated/api/auth.test.js
Normal file
51
test/automated/api/auth.test.js
Normal file
@ -0,0 +1,51 @@
|
||||
var request = require('supertest');
|
||||
request = request('http://127.0.0.1:8080');
|
||||
|
||||
test('main page requires no auth', async (done) => {
|
||||
await request.get('/').expect(200);
|
||||
done();
|
||||
});
|
||||
|
||||
test('admin without trailing slash redirects', async (done) => {
|
||||
await request.get('/admin').expect(301);
|
||||
done();
|
||||
});
|
||||
|
||||
test('admin with trailing slash requires auth', async (done) => {
|
||||
await request.get('/admin/').expect(401);
|
||||
done();
|
||||
});
|
||||
|
||||
const paths = [
|
||||
'/admin/config/general/',
|
||||
'/admin/config/server/',
|
||||
'/admin/config-video',
|
||||
'/admin/config-chat/',
|
||||
'/admin/config-federation/',
|
||||
'/admin/config-notify',
|
||||
'/admin/federation/followers/',
|
||||
'/admin/chat/messages',
|
||||
'/admin/viewer-info/',
|
||||
'/admin/chat/users/',
|
||||
'/admin/stream-health',
|
||||
'/admin/hardware-info/',
|
||||
];
|
||||
|
||||
// Test a bunch of paths to make sure random different pages don't slip by for some reason.
|
||||
// Technically this shouldn't be possible but it's a sanity check anyway.
|
||||
paths.forEach((path) => {
|
||||
test(`admin path ${path} requires auth and should fail`, async (done) => {
|
||||
await request.get(path).expect(401);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
// Try them again with auth. Some with trailing slashes some without.
|
||||
// Allow redirects.
|
||||
paths.forEach((path) => {
|
||||
test(`admin path ${path} requires auth and should pass`, async (done) => {
|
||||
const r = await request.get(path).auth('admin', 'abc123');
|
||||
expect([200, 301]).toContain(r.status);
|
||||
done();
|
||||
});
|
||||
});
|
Loading…
x
Reference in New Issue
Block a user