vikunja/frontend/tests/e2e/user/settings/caldav.spec.ts

58 lines
2.3 KiB
TypeScript

import {test, expect} from '../../../support/fixtures'
import {gotoUserSettings} from '../../../support/userSettings'
import {TokenFactory} from '../../../factories/token'
test.describe('CalDAV', () => {
test('generates a token that authenticates against the caldav endpoint', async ({
authenticatedPage: page, currentUser, apiContext,
}) => {
await gotoUserSettings(page, 'caldav')
const created = page.waitForResponse(r =>
r.url().includes('/user/settings/token/caldav') && r.request().method() === 'PUT',
)
await page.getByRole('button', {name: 'Create a CalDAV token'}).click()
await created
// Banner renders the one-time token string; capture it.
const banner = page.locator('.message').filter({hasText: 'Here is your new token'})
await expect(banner).toBeVisible()
const tokenText = await banner.innerText()
const tokenMatch = tokenText.match(/[A-Za-z0-9]{40,}/)
expect(tokenMatch).not.toBeNull()
const token = tokenMatch![0]
// Hit the caldav principal endpoint with basic auth.
const basic = Buffer.from(`${currentUser.username}:${token}`).toString('base64')
const resp = await apiContext.fetch(`/dav/principals/${currentUser.username}/`, {
method: 'PROPFIND',
headers: {Authorization: `Basic ${basic}`, Depth: '0'},
})
expect(resp.status()).toBeLessThan(300)
})
test('deleting a token revokes caldav access', async ({
authenticatedPage: page, currentUser,
}) => {
const tokenValue = 'fixed-caldav-token-123456789012345678901234567890'
// kind=4 is TokenCaldavAuth (see pkg/user/token.go)
await TokenFactory.create(1, {user_id: currentUser.id, kind: 4, token: tokenValue}, false)
await gotoUserSettings(page, 'caldav')
// Filter to data rows (rows containing a <td>) to exclude the <th>-only header row.
const dataRows = page.locator('table.table tr').filter({has: page.locator('td')})
await expect(dataRows).toHaveCount(1)
const deleted = page.waitForResponse(r =>
/\/user\/settings\/token\/caldav\/\d+/.test(r.url()) && r.request().method() === 'DELETE',
)
await dataRows.getByRole('button', {name: 'Delete'}).click()
await deleted
await expect(dataRows).toHaveCount(0)
// NOTE: the factory seeds the plaintext token as-is, but caldav tokens are
// stored bcrypt-hashed. We assert the row is gone in the UI rather than
// probing caldav with the seeded value.
})
})