helpy4/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich synced 2025-10-17 18:19:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(server): prevent leaking isFavorite and isArchived info (#7580)

Browse source 
* fix: prevent leaking favorites info

* add e2e test

* fix: e2e test

* fix: isArchived

* fix: keep old version
This commit is contained in:
martin 2024-03-03 00:01:24 +01:00 committed by GitHub
parent f03381a5b1
commit ebe7a14c14
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 28 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

13
e2e/src/api/specs/album.e2e-spec.ts
View file

@ -41,7 +41,7 @@ describe('/album', () => {
]);
[user1Asset1, user1Asset2] = await Promise.all([
apiUtils.createAsset(user1.accessToken),
apiUtils.createAsset(user1.accessToken, { isFavorite: true }),
apiUtils.createAsset(user1.accessToken),
]);
@ -119,6 +119,17 @@ describe('/album', () => {
expect(body).toEqual(errorDto.badRequest(['assetId must be a UUID']));
});
it("should not show other users' favorites", async () => {
const { status, body } = await request(app)
.get(`/album/${user1Albums[0].id}?withoutAssets=false`)
.set('Authorization', `Bearer ${user2.accessToken}`);
expect(status).toEqual(200);
expect(body).toEqual({
...user1Albums[0],
assets: [expect.objectContaining({ isFavorite: false })],
});
});
it('should not return shared albums with a deleted owner', async () => {
const { status, body } = await request(app)
.get('/album?shared=true')