
/*
* Test Module: API Key & User Isolation
* Tests scenarios 1 and 2
*/
'use strict';
const utils = require('../utils.js').LinkdingSyncTests;
// Suite title; printed in the banner at the start of runIsolationTests().
const SCENARIO_NAME = 'API Key & User Isolation Tests';
// Helper to create a test bookmark with work API key
/**
 * Create a bookmark while the session is bound to the work credentials.
 *
 * Switches the SessionManager context to the work API key, user and bundle
 * taken from CONFIG, then delegates to utils.Helpers.createBookmark.
 *
 * NOTE(review): the context looks like shared state on SessionManager
 * (confirm). If it is, do not run these helpers concurrently: an interleaved
 * call could send a request with the other account's key and invalidate the
 * isolation result.
 *
 * @param {string} url - URL to bookmark.
 * @param {object} [options] - Passed through unchanged to createBookmark.
 * @returns {Promise<*>} Whatever utils.Helpers.createBookmark resolves to.
 */
async function createWorkBookmark(url, options) {
  const { serverUrl, workApiKey, workUser, workBundle } = CONFIG;
  utils.SessionManager.setContext(serverUrl, workApiKey, workUser, workBundle);
  return utils.Helpers.createBookmark(url, options);
}
// Helper to create a test bookmark with personal API key
/**
 * Create a bookmark while the session is bound to the personal credentials.
 *
 * Sets the SessionManager context from CONFIG's personal API key, user and
 * bundle before handing the request to utils.Helpers.createBookmark.
 *
 * NOTE(review): the context is presumably shared across helpers (confirm), so
 * the credentials in effect are those of the most recent setContext call.
 *
 * @param {string} url - URL to bookmark.
 * @param {object} [options] - Passed through unchanged to createBookmark.
 * @returns {Promise<*>} Whatever utils.Helpers.createBookmark resolves to.
 */
async function createPersonalBookmark(url, options) {
  const personalContext = [
    CONFIG.serverUrl,
    CONFIG.personalApiKey,
    CONFIG.personalUser,
    CONFIG.personalBundle,
  ];
  utils.SessionManager.setContext(...personalContext);
  const created = utils.Helpers.createBookmark(url, options);
  return created;
}
// Helper to fetch with work API key
/**
 * Fetch one bookmark by id using the work credentials.
 *
 * Binds the SessionManager context to CONFIG's work API key, user and bundle,
 * then calls utils.Helpers.fetchBookmark.
 *
 * @param {*} id - Bookmark id, forwarded unchanged.
 * @returns {Promise<*>} Whatever utils.Helpers.fetchBookmark resolves to.
 */
async function fetchWork(id) {
  const { SessionManager, Helpers } = utils;
  SessionManager.setContext(
    CONFIG.serverUrl,
    CONFIG.workApiKey,
    CONFIG.workUser,
    CONFIG.workBundle,
  );
  return Helpers.fetchBookmark(id);
}
// Helper to fetch with personal API key
/**
 * Fetch one bookmark by id using the personal credentials.
 *
 * Binds the SessionManager context to CONFIG's personal API key, user and
 * bundle, then calls utils.Helpers.fetchBookmark.
 *
 * @param {*} id - Bookmark id, forwarded unchanged.
 * @returns {Promise<*>} Whatever utils.Helpers.fetchBookmark resolves to.
 */
async function fetchPersonal(id) {
  const { serverUrl, personalApiKey, personalUser, personalBundle } = CONFIG;
  utils.SessionManager.setContext(serverUrl, personalApiKey, personalUser, personalBundle);
  const bookmark = utils.Helpers.fetchBookmark(id);
  return bookmark;
}
// Helper to list with personal API key
/**
 * List bookmarks as seen with the personal credentials.
 *
 * Binds the SessionManager context to CONFIG's personal API key, user and
 * bundle, then issues GET /api/bookmarks/ through SessionManager.call.
 *
 * @param {object} [queryParams={}] - Query parameters forwarded to the call.
 * @returns {Promise<*>} Whatever utils.SessionManager.call resolves to.
 */
async function listPersonal(queryParams = {}) {
  const session = utils.SessionManager;
  const { serverUrl, personalApiKey, personalUser, personalBundle } = CONFIG;
  session.setContext(serverUrl, personalApiKey, personalUser, personalBundle);
  return session.call('/api/bookmarks/', 'GET', queryParams);
}
// Test 1: Same URL, Different API Keys, Same User
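/**
 * Test 1: bookmark the same URL once per API key and compare the returned ids.
 *
 * Equal ids mean both keys resolved to the same stored bookmark (reported as
 * FAIL); different ids mean each key got its own bookmark (reported as PASS).
 *
 * A response without an id is treated as an error rather than compared:
 * otherwise two failed creations would look like "same bookmark", and one
 * failed creation would look like isolation, which is a false PASS for a
 * security check.
 *
 * @returns {Promise<{pass: boolean, reason?: string, ids?: {work: *, personal: *}}>}
 * @throws Rethrows any error raised while creating or comparing the bookmarks,
 *   after logging it as a FAIL.
 */
async function test1_SameUserDifferentKeys() {
  const testUrl = 'https://isolation-test.example.com';
  console.log('\n=== Test 1: Same URL, Different API Keys, Same User ===');
  console.log('Purpose: Verify if API keys provide isolation within same user');
  try {
    // Create with work key
    const bm1 = await createWorkBookmark(testUrl, {
      title: 'Isolation Test - Work Key',
    });
    // Create same URL with personal key
    const bm2 = await createPersonalBookmark(testUrl, {
      title: 'Isolation Test - Personal Key',
    });
    // The verdict is only meaningful when both creations produced an id.
    if (bm1?.id == null || bm2?.id == null) {
      throw new Error('Bookmark creation returned no id; isolation cannot be evaluated');
    }
    console.log(` Work bookmark ID: ${bm1.id}`);
    console.log(` Personal bookmark ID: ${bm2.id}`);
    if (bm1.id === bm2.id) {
      utils.Formatters.consoleResult('Test 1', 'FAIL', 'Same bookmark ID - API keys do NOT provide isolation');
      console.log(' → Same user means same bookmarks regardless of API key');
      return { pass: false, reason: 'API keys do not provide isolation within same user' };
    }
    utils.Formatters.consoleResult('Test 1', 'PASS', 'Different bookmark IDs - API keys provide isolation');
    console.log(' → Different API keys create separate bookmarks');
    return { pass: true, ids: { work: bm1.id, personal: bm2.id } };
  } catch (error) {
    utils.Formatters.consoleResult('Test 1', 'FAIL', error.message);
    throw error;
  }
}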
// Test 2: Different Users - Verify isolation
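/**
 * Test 2: confirm that a bookmark created with the work credentials does not
 * appear when bookmarks are listed with the personal credentials.
 *
 * The verdict depends on whether the work bookmark's id is present in the
 * personal listing. A non-empty personal listing is not a leak by itself:
 * test 1 creates a bookmark with the personal key, so judging on
 * "results non-empty" reports an isolation failure that did not happen.
 *
 * NOTE(review): only a single page (limit: 100) is inspected. If the personal
 * account holds more bookmarks than that, a leaked entry on a later page would
 * be missed; confirm the account used for testing stays below the limit or
 * page through the listing.
 * NOTE(review): fetchPersonal(id) exists in this file but is unused. A direct
 * fetch of the work bookmark's id with the personal key would be a stricter
 * check, but how fetchBookmark reports a denied or missing id is not visible
 * here.
 *
 * @returns {Promise<{pass: boolean, reason?: string}>}
 * @throws Rethrows any error raised by the helpers, after logging it as a FAIL.
 */
async function test2_DifferentUsers() {
  console.log('\n=== Test 2: Different Users - Verify Isolation ===');
  console.log('Purpose: Verify isolation between different users');
  try {
    // Create bookmark as work user
    const workUrl = 'https://cross-user-isolation.example.com';
    const workBookmark = await createWorkBookmark(workUrl, {
      title: 'Cross-User Test - Work',
    });
    // Without an id there is nothing to look for in the other account.
    if (workBookmark?.id == null) {
      throw new Error('Bookmark creation returned no id; isolation cannot be evaluated');
    }
    console.log(` Bookmark created by work user: ID=${workBookmark.id}`);
    // Work user sees their own bookmark
    const workFetch = await fetchWork(workBookmark.id);
    console.log(` Work user sees bookmark: ${workFetch.title}`);
    // listPersonal() switches the session to the personal credentials itself,
    // so no separate setContext call is needed before it.
    const personalFetch = await listPersonal({ limit: 100 });
    const personalResults = personalFetch.results ?? [];
    console.log(` Personal user sees ${personalFetch.count || personalFetch.results?.length || 0} bookmarks`);
    // Isolation is broken only if the work user's bookmark is in the listing.
    const leaked = personalResults.some((bookmark) => bookmark?.id === workBookmark.id);
    if (leaked) {
      utils.Formatters.consoleResult('Test 2', 'FAIL', 'Users can see each other\'s bookmarks');
      console.log(' → Sharing enabled or same underlying user');
      return { pass: false, reason: 'Users can see each other\'s bookmarks (sharing or same user)' };
    }
    utils.Formatters.consoleResult('Test 2', 'PASS', 'Proper user isolation exists');
    console.log(' → Can use different API keys for isolation');
    return { pass: true };
  } catch (error) {
    utils.Formatters.consoleResult('Test 2', 'FAIL', error.message);
    throw error;
  }
}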
// Run all tests
/**
 * Run test 1 and test 2 in order and collect their result objects.
 *
 * A test that reports `{ pass: false }` does not throw, so callers must
 * inspect the returned entries; a completed run is not a passing run.
 * If either test throws, the error message is logged, resetBookmarks() is
 * called, and the results gathered so far are returned (possibly empty).
 *
 * NOTE(review): resetBookmarks() runs only on the error path, so bookmarks
 * created by a successful run appear to stay on the server. Its return value
 * is not awaited; if it is asynchronous, cleanup may still be in flight when
 * this function returns. Confirm both.
 *
 * @returns {Promise<Array<object>>} Results of the tests that completed.
 */
async function runIsolationTests() {
  const rule = '='.repeat(60);
  console.log(`\n${rule}`);
  console.log(` ${SCENARIO_NAME}`);
  console.log(rule);

  const results = [];
  try {
    const first = await test1_SameUserDifferentKeys();
    results.push(first);
    const second = await test2_DifferentUsers();
    results.push(second);
  } catch (error) {
    console.error('Test suite error:', error.message);
    utils.Helpers.resetBookmarks();
  }

  console.log(`\n${rule}`);
  console.log(' Isolation Tests Complete');
  console.log(rule);
  return results;
}
// Export
// Publish the suite entry points on the window.LinkdingSyncTests namespace:
// `run` executes both tests, `test1`/`test2` run a single scenario.
// NOTE(review): nothing in this file creates window.LinkdingSyncTests, so it
// must already exist when this line runs; the file also calls require() at the
// top, so confirm the loader provides both `require` and `window`.
window.LinkdingSyncTests.TestIsolation = {
run: runIsolationTests,
test1: test1_SameUserDifferentKeys,
test2: test2_DifferentUsers
};