fix: repair legacy qdreader fallback bindings
This commit is contained in:
@@ -5,7 +5,7 @@ import vm from 'node:vm';
|
||||
const pluginPath = new URL('../plugins/qdreader/qdreader_sign_autman.js', import.meta.url).pathname;
|
||||
const code = fs.readFileSync(pluginPath, 'utf8');
|
||||
|
||||
function runPlugin({ content = '', store = {}, bucketStore = {}, requests = [], userId = 'user-a', listens = [], senderOverrides = {}, globals = {} } = {}) {
|
||||
function runPlugin({ content = '', store = {}, bucketStore = {}, requests = [], userId = 'user-a', listens = [], senderOverrides = {}, globals = {}, admin = true } = {}) {
|
||||
const replies = [];
|
||||
const calls = [];
|
||||
let requestIndex = 0;
|
||||
@@ -14,7 +14,7 @@ function runPlugin({ content = '', store = {}, bucketStore = {}, requests = [],
|
||||
reply: (msg) => replies.push(String(msg)),
|
||||
getMessage: () => content,
|
||||
getContent: () => content,
|
||||
isAdmin: () => true,
|
||||
isAdmin: () => admin,
|
||||
getUserID: () => userId,
|
||||
listen: () => (listenIndex < listens.length ? listens[listenIndex++] : 'q'),
|
||||
};
|
||||
@@ -178,15 +178,38 @@ test('quick submit can re-add cookie when old binding remains but cookie was man
|
||||
assert.equal(JSON.parse(r.store.qdreader_user_bind_json)['12345'], 'user-a');
|
||||
});
|
||||
|
||||
test('quick submit still rejects overwrite when cookie and another owner binding both exist', () => {
|
||||
test('quick submit still rejects overwrite when cookie and real another owner binding both exist', () => {
|
||||
const store = {
|
||||
qdreader_cookie_json: JSON.stringify({ '12345': cookie }),
|
||||
qdreader_user_bind_json: JSON.stringify({ '12345': 'old-user' }),
|
||||
qdreader_user_bind_json: JSON.stringify({ '12345': '987654321' }),
|
||||
};
|
||||
const r = runPlugin({ content: '启点ck ' + cookie.replace('qdh=qdh', 'qdh=newqdh'), store, userId: 'user-a', listens: ['n'] });
|
||||
assert.match(r.replies.join('\n'), /无权更新 uid: 12345/);
|
||||
assert.equal(JSON.parse(r.store.qdreader_cookie_json)['12345'], cookie);
|
||||
assert.equal(JSON.parse(r.store.qdreader_user_bind_json)['12345'], 'old-user');
|
||||
assert.equal(JSON.parse(r.store.qdreader_user_bind_json)['12345'], '987654321');
|
||||
});
|
||||
|
||||
test('quick submit can repair legacy fallback owner when admin submits existing cookie', () => {
|
||||
const store = {
|
||||
qdreader_cookie_json: JSON.stringify({ '12345': cookie }),
|
||||
qdreader_user_bind_json: JSON.stringify({ '12345': 'chickliu' }),
|
||||
};
|
||||
const r = runPlugin({ content: '启点ck ' + cookie.replace('qdh=qdh', 'qdh=newqdh'), store, userId: 'real-user', admin: true, listens: ['n'] });
|
||||
assert.match(r.replies.join('\n'), /旧绑定来自历史兜底标识/);
|
||||
assert.match(r.replies.join('\n'), /CK更新成功/);
|
||||
assert.equal(JSON.parse(r.store.qdreader_user_bind_json)['12345'], 'real-user');
|
||||
assert.match(JSON.parse(r.store.qdreader_cookie_json)['12345'], /qdh=newqdh/);
|
||||
});
|
||||
|
||||
test('non-admin quick submit still rejects existing cookie bound to legacy fallback owner', () => {
|
||||
const store = {
|
||||
qdreader_cookie_json: JSON.stringify({ '12345': cookie }),
|
||||
qdreader_user_bind_json: JSON.stringify({ '12345': 'chickliu' }),
|
||||
};
|
||||
const r = runPlugin({ content: '启点ck ' + cookie.replace('qdh=qdh', 'qdh=newqdh'), store, userId: 'real-user', admin: false, listens: ['n'] });
|
||||
assert.match(r.replies.join('\n'), /无权更新 uid: 12345/);
|
||||
assert.equal(JSON.parse(r.store.qdreader_user_bind_json)['12345'], 'chickliu');
|
||||
assert.equal(JSON.parse(r.store.qdreader_cookie_json)['12345'], cookie);
|
||||
});
|
||||
|
||||
test('quick submit rejects save when Autman JS has no user identity', () => {
|
||||
@@ -422,11 +445,11 @@ test('unbound global cookies are not visible or usable by normal users', () => {
|
||||
test('user cannot overwrite another user bound cookie', () => {
|
||||
const store = {
|
||||
qdreader_cookie_json: JSON.stringify({ '12345': cookie }),
|
||||
qdreader_user_bind_json: JSON.stringify({ '12345': 'user-a' }),
|
||||
qdreader_user_bind_json: JSON.stringify({ '12345': '987654321' }),
|
||||
};
|
||||
const newCookie = cookie.replace('sessionyw=s', 'sessionyw=changed');
|
||||
const r = runPlugin({ content: '启点ck ' + newCookie, store, userId: 'user-b' });
|
||||
assert.match(r.replies.join('\n'), /无权更新 uid: 12345/);
|
||||
assert.equal(JSON.parse(r.store.qdreader_cookie_json)['12345'], cookie);
|
||||
assert.equal(JSON.parse(r.store.qdreader_user_bind_json)['12345'], 'user-a');
|
||||
assert.equal(JSON.parse(r.store.qdreader_user_bind_json)['12345'], '987654321');
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user