Merge pull request #2254 from gradido/2069-verify-token-before-redeeming-a-link

fix: 🐛 Verify Token Before Redeeming A Link
mahula 2022-10-12 17:31:35 +02:00 committed by GitHub
commit 1b4c013077
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 148 additions and 92 deletions


@ -43,6 +43,7 @@ const mocks = {
$store: { $store: {
state: { state: {
token: null, token: null,
tokenTime: null,
email: 'bibi@bloxberg.de', email: 'bibi@bloxberg.de',
}, },
}, },
@ -68,7 +69,7 @@ describe('TransactionLink', () => {
} }
describe('mount', () => { describe('mount', () => {
beforeEach(() => { beforeAll(() => {
jest.clearAllMocks() jest.clearAllMocks()
wrapper = Wrapper() wrapper = Wrapper()
}) })
@ -214,16 +215,26 @@ describe('TransactionLink', () => {
}) })
}) })
describe('token in store and own link', () => { describe('token in store', () => {
beforeEach(() => { beforeAll(() => {
mocks.$store.state.token = 'token' mocks.$store.state.token = 'token'
})
describe('sufficient token time in store', () => {
beforeAll(() => {
mocks.$store.state.tokenTime = Math.floor(Date.now() / 1000) + 20
})
describe('own link', () => {
beforeAll(() => {
apolloQueryMock.mockResolvedValue({ apolloQueryMock.mockResolvedValue({
data: { data: {
queryTransactionLink: { queryTransactionLink: {
__typename: 'TransactionLink', __typename: 'TransactionLink',
id: 92, id: 92,
amount: '22', amount: '22',
memo: 'Abrakadabra drei, vier, fünf, sechs, hier steht jetzt ein Memotext! Hex hex ', memo:
'Abrakadabra drei, vier, fünf, sechs, hier steht jetzt ein Memotext! Hex hex ',
createdAt: '2022-03-17T16:10:28.000Z', createdAt: '2022-03-17T16:10:28.000Z',
validUntil: transactionLinkValidExpireDate(), validUntil: transactionLinkValidExpireDate(),
redeemedAt: null, redeemedAt: null,
@ -251,15 +262,15 @@ describe('TransactionLink', () => {
}) })
describe('valid link', () => { describe('valid link', () => {
beforeEach(() => { beforeAll(() => {
mocks.$store.state.token = 'token'
apolloQueryMock.mockResolvedValue({ apolloQueryMock.mockResolvedValue({
data: { data: {
queryTransactionLink: { queryTransactionLink: {
__typename: 'TransactionLink', __typename: 'TransactionLink',
id: 92, id: 92,
amount: '22', amount: '22',
memo: 'Abrakadabra drei, vier, fünf, sechs, hier steht jetzt ein Memotext! Hex hex ', memo:
'Abrakadabra drei, vier, fünf, sechs, hier steht jetzt ein Memotext! Hex hex ',
createdAt: '2022-03-17T16:10:28.000Z', createdAt: '2022-03-17T16:10:28.000Z',
validUntil: transactionLinkValidExpireDate(), validUntil: transactionLinkValidExpireDate(),
redeemedAt: null, redeemedAt: null,
@ -282,7 +293,7 @@ describe('TransactionLink', () => {
}) })
describe('redeem link with success', () => { describe('redeem link with success', () => {
beforeEach(async () => { beforeAll(async () => {
apolloMutateMock.mockResolvedValue() apolloMutateMock.mockResolvedValue()
await wrapper.findComponent({ name: 'RedeemValid' }).find('button').trigger('click') await wrapper.findComponent({ name: 'RedeemValid' }).find('button').trigger('click')
}) })
@ -309,7 +320,7 @@ describe('TransactionLink', () => {
}) })
describe('redeem link with error', () => { describe('redeem link with error', () => {
beforeEach(async () => { beforeAll(async () => {
apolloMutateMock.mockRejectedValue({ message: 'Oh Noo!' }) apolloMutateMock.mockRejectedValue({ message: 'Oh Noo!' })
await wrapper.findComponent({ name: 'RedeemValid' }).find('button').trigger('click') await wrapper.findComponent({ name: 'RedeemValid' }).find('button').trigger('click')
}) })
@ -323,6 +334,43 @@ describe('TransactionLink', () => {
}) })
}) })
}) })
})
describe('no sufficient token time in store', () => {
beforeAll(() => {
mocks.$store.state.tokenTime = 1665125185
apolloQueryMock.mockResolvedValue({
data: {
queryTransactionLink: {
__typename: 'TransactionLink',
id: 92,
amount: '22',
memo:
'Abrakadabra drei, vier, fünf, sechs, hier steht jetzt ein Memotext! Hex hex ',
createdAt: '2022-03-17T16:10:28.000Z',
validUntil: transactionLinkValidExpireDate(),
redeemedAt: null,
deletedAt: null,
user: { firstName: 'Bibi', publisherId: 0, email: 'bibi@bloxberg.de' },
},
},
})
wrapper = Wrapper()
})
it('has a RedeemLoggedOut component', () => {
expect(wrapper.findComponent({ name: 'RedeemLoggedOut' }).exists()).toBe(true)
})
it('has a link to register with code', () => {
expect(wrapper.find('a[href="/register/some-code"]').exists()).toBe(true)
})
it('has a link to login with code', () => {
expect(wrapper.find('a[href="/login/some-code"]').exists()).toBe(true)
})
})
})
describe('error on transaction link query', () => { describe('error on transaction link query', () => {
beforeEach(() => { beforeEach(() => {
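Review bot: The 5-second margin that the component applies is never tested at its boundary: the "sufficient" case sets `tokenTime` to now + 20 and the "no sufficient" case uses the fixed, long-past timestamp `1665125185`. A further case with `mocks.$store.state.tokenTime = Math.floor(Date.now() / 1000) + 3` that expects `RedeemLoggedOut` would pin the threshold, so a later change to it cannot pass unnoticed. Separately, with `beforeEach` replaced by `beforeAll`, `mocks.$store.state.token` and `tokenTime` are assigned once on the shared `mocks` object and never reset. Later describes such as 'error on transaction link query' therefore inherit them; whether those blocks rely on a clean store is not visible here, but an `afterAll` that sets both back to `null` would keep the blocks independent.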


@ -103,6 +103,12 @@ export default {
isContributionLink() { isContributionLink() {
return this.$route.params.code.search(/^CL-/) === 0 return this.$route.params.code.search(/^CL-/) === 0
}, },
tokenExpiresInSeconds() {
const remainingSecs = Math.floor(
(new Date(this.$store.state.tokenTime * 1000).getTime() - new Date().getTime()) / 1000,
)
return remainingSecs <= 0 ? 0 : remainingSecs
},
itemType() { itemType() {
// link is deleted: at, from // link is deleted: at, from
if (this.linkData.deletedAt) { if (this.linkData.deletedAt) {
@ -130,7 +136,9 @@ export default {
return `TEXT` return `TEXT`
} }
if (this.$store.state.token) { if (this.$store.state.token && this.$store.state.tokenTime) {
if (this.tokenExpiresInSeconds < 5) return `LOGGED_OUT`
// logged in, nicht berechtigt einzulösen, eigener link // logged in, nicht berechtigt einzulösen, eigener link
if (this.linkData.user && this.$store.state.email === this.linkData.user.email) { if (this.linkData.user && this.$store.state.email === this.linkData.user.email) {
return `SELF_CREATOR` return `SELF_CREATOR`
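Review bot: `tokenExpiresInSeconds` is read as a property (`this.tokenExpiresInSeconds`), so it appears to be a computed property, yet its only time source is `new Date()`, which Vue does not track. The value is therefore cached from the first evaluation until `$store.state.tokenTime` changes, and on a page left open past the token's expiry `itemType` would stay on the logged-in branch instead of returning `LOGGED_OUT`. Consider computing the remaining time in a method, or re-checking it in the redeem handler (outside this hunk), e.g. `return Math.max(0, Math.floor(this.$store.state.tokenTime - Date.now() / 1000))`. The bare `5` would read better as a named constant with a comment saying why that margin was chosen. This check only selects which view is shown; the server presumably still rejects an expired token on the redeem mutation, which is worth confirming since the client-side state cannot be relied on for that.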