feat: its working

jsjoeio · jsjoeio · commit 426d10b7298d · 2021-06-29T16:23:37.000-07:00
diff --git a/src/node/routes/login.ts b/src/node/routes/login.ts
@@ -4,7 +4,7 @@ import { RateLimiter as Limiter } from "limiter"
 import * as path from "path"
 import { rootPath } from "../constants"
 import { authenticated, getCookieDomain, redirect, replaceTemplates } from "../http"
-import { getPasswordMethod, handlePasswordValidation, humanPath, sanitizeString } from "../util"
+import { getPasswordMethod, handlePasswordValidation, humanPath, sanitizeString, escapeHTML } from "../util"
 
 export enum Cookie {
   Key = "key",
@@ -37,9 +37,6 @@ const getRoot = async (req: Request, error?: Error): Promise<string> => {
     passwordMsg = "Password was set from $HASHED_PASSWORD."
   }
 
-  if (error) {
-    console.log("there is an error", error.message)
-  }
   return replaceTemplates(
     req,
     content
@@ -115,6 +112,8 @@ router.post("/", async (req, res) => {
 
     throw new Error("Incorrect password")
   } catch (error) {
-    res.send(await getRoot(req, error))
+    const html = await getRoot(req, error)
+    const escapedHTML = escapeHTML(html)
+    res.send(escapedHTML)
   }
 })
diff --git a/test/unit/routes/login.test.ts b/test/unit/routes/login.test.ts
@@ -37,7 +37,7 @@ describe("login", () => {
       expect(limiter.removeToken()).toBe(false)
     })
   })
-  describe.only("/", () => {
+  describe("/login", () => {
     let _codeServer: httpserver.HttpServer | undefined
     function codeServer(): httpserver.HttpServer {
       if (!_codeServer) {
@@ -60,20 +60,18 @@ describe("login", () => {
       process.env.PASSWORD = previousEnvPassword
     })
 
-    // TODO@jsjoeio fix this name of test
-    it("should return an error", async () => {
-      const resp = await codeServer().fetch("/", { method: "POST" })
-      // TODO@jsjoeio um not sure why we are getting a 404
-      expect(resp.status).toBe(404)
+    it("should return escaped HTML with 'Missing password' message", async () => {
+      const resp = await codeServer().fetch("/login", { method: "POST" })
 
-      try {
-        const content = JSON.parse(await resp.text())
+      expect(resp.status).toBe(200)
 
-        expect(content.error).toMatch("ENOENT")
-      } catch (error) {
-        console.log("heree")
-        console.error(error)
-      }
+      const htmlContent = await resp.text()
+
+      expect(htmlContent).not.toContain(">")
+      expect(htmlContent).not.toContain("<")
+      expect(htmlContent).not.toContain('"')
+      expect(htmlContent).not.toContain("'")
+      expect(htmlContent).toContain("&lt;div class=&quot;error&quot;&gt;Missing password&lt;/div&gt;")
     })
   })
 })
