smaller fixes + allow entries without title/name

This commit is contained in:
Niko Abeler 2022-11-19 13:43:10 +01:00
parent 2246cae3f7
commit 1039a905bc
2 changed files with 141 additions and 18 deletions

View File

@ -258,21 +258,6 @@ func userMicropubHandler(repo *owl.Repository) func(http.ResponseWriter, *http.R
return return
} }
// verify access token
token := r.Header.Get("Authorization")
if token == "" {
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Unauthorized"))
return
}
token = strings.TrimPrefix(token, "Bearer ")
valid, _ := user.ValidateAccessToken(token)
if !valid {
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Unauthorized"))
return
}
// parse request form // parse request form
err = r.ParseForm() err = r.ParseForm()
if err != nil { if err != nil {
@ -280,6 +265,40 @@ func userMicropubHandler(repo *owl.Repository) func(http.ResponseWriter, *http.R
w.Write([]byte("Bad request")) w.Write([]byte("Bad request"))
return return
} }
// verify access token
header_token := r.Header.Get("Authorization")
form_token := r.Form.Get("access_token")
if header_token != "" {
header_token = strings.TrimPrefix(header_token, "Bearer ")
}
if header_token == "" && form_token == "" {
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Unauthorized"))
return
}
if header_token != "" && form_token != "" {
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte("Multiple access tokens provided"))
return
}
var token string
if header_token != "" {
token = header_token
} else {
token = form_token
}
valid, _ := user.ValidateAccessToken(token)
if !valid {
w.WriteHeader(http.StatusUnauthorized)
w.Write([]byte("Unauthorized"))
return
}
h := r.Form.Get("h") h := r.Form.Get("h")
content := r.Form.Get("content") content := r.Form.Get("content")
name := r.Form.Get("name") name := r.Form.Get("name")
@ -290,9 +309,9 @@ func userMicropubHandler(repo *owl.Repository) func(http.ResponseWriter, *http.R
w.Write([]byte("Bad request. h must be entry")) w.Write([]byte("Bad request. h must be entry"))
return return
} }
if content == "" || name == "" { if content == "" {
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
w.Write([]byte("Bad request. content and name are required")) w.Write([]byte("Bad request. content is required"))
return return
} }
@ -313,8 +332,8 @@ func userMicropubHandler(repo *owl.Repository) func(http.ResponseWriter, *http.R
return return
} }
w.Header().Add("Location", post.FullUrl())
w.WriteHeader(http.StatusCreated) w.WriteHeader(http.StatusCreated)
w.Header().Set("Location", post.FullUrl())
} }
} }

View File

@ -45,3 +45,107 @@ func TestMicropubMinimalArticle(t *testing.T) {
assertions.AssertStatus(t, rr, http.StatusCreated) assertions.AssertStatus(t, rr, http.StatusCreated)
} }
func TestMicropubWithoutName(t *testing.T) {
repo, user := getSingleUserTestRepo()
user.ResetPassword("testpassword")
code, _ := user.GenerateAuthCode(
"test", "test", "test", "test", "test",
)
token, _, _ := user.GenerateAccessToken(owl.AuthCode{
Code: code,
ClientId: "test",
RedirectUri: "test",
CodeChallenge: "test",
CodeChallengeMethod: "test",
Scope: "test",
})
// Create Request and Response
form := url.Values{}
form.Add("h", "entry")
form.Add("content", "Test Content")
req, err := http.NewRequest("POST", user.MicropubUrl(), strings.NewReader(form.Encode()))
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
req.Header.Add("Authorization", "Bearer "+token)
assertions.AssertNoError(t, err, "Error creating request")
rr := httptest.NewRecorder()
router := main.SingleUserRouter(&repo)
router.ServeHTTP(rr, req)
assertions.AssertStatus(t, rr, http.StatusCreated)
loc_header := rr.Header().Get("Location")
assertions.Assert(t, loc_header != "", "Location header should be set")
}
func TestMicropubAccessTokenInBody(t *testing.T) {
repo, user := getSingleUserTestRepo()
user.ResetPassword("testpassword")
code, _ := user.GenerateAuthCode(
"test", "test", "test", "test", "test",
)
token, _, _ := user.GenerateAccessToken(owl.AuthCode{
Code: code,
ClientId: "test",
RedirectUri: "test",
CodeChallenge: "test",
CodeChallengeMethod: "test",
Scope: "test",
})
// Create Request and Response
form := url.Values{}
form.Add("h", "entry")
form.Add("content", "Test Content")
form.Add("access_token", token)
req, err := http.NewRequest("POST", user.MicropubUrl(), strings.NewReader(form.Encode()))
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
assertions.AssertNoError(t, err, "Error creating request")
rr := httptest.NewRecorder()
router := main.SingleUserRouter(&repo)
router.ServeHTTP(rr, req)
assertions.AssertStatus(t, rr, http.StatusCreated)
loc_header := rr.Header().Get("Location")
assertions.Assert(t, loc_header != "", "Location header should be set")
}
func TestMicropubAccessTokenInBoth(t *testing.T) {
repo, user := getSingleUserTestRepo()
user.ResetPassword("testpassword")
code, _ := user.GenerateAuthCode(
"test", "test", "test", "test", "test",
)
token, _, _ := user.GenerateAccessToken(owl.AuthCode{
Code: code,
ClientId: "test",
RedirectUri: "test",
CodeChallenge: "test",
CodeChallengeMethod: "test",
Scope: "test",
})
// Create Request and Response
form := url.Values{}
form.Add("h", "entry")
form.Add("content", "Test Content")
form.Add("access_token", token)
req, err := http.NewRequest("POST", user.MicropubUrl(), strings.NewReader(form.Encode()))
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
req.Header.Add("Content-Length", strconv.Itoa(len(form.Encode())))
req.Header.Add("Authorization", "Bearer "+token)
assertions.AssertNoError(t, err, "Error creating request")
rr := httptest.NewRecorder()
router := main.SingleUserRouter(&repo)
router.ServeHTTP(rr, req)
assertions.AssertStatus(t, rr, http.StatusBadRequest)
}