From: Justin Wind <justin.wind+git@gmail.com>
Date: Sun, 15 May 2022 20:34:50 +0000 (-0700)
Subject: fix unauthenticated topic details flow
X-Git-Tag: v1.3.8^2~2
X-Git-Url: http://git.squeep.com/?p=websub-hub;a=commitdiff_plain;h=3839577f7cdab67b4591bc827e037d6c173c9dae

fix unauthenticated topic details flow
---

diff --git a/src/service.js b/src/service.js
index 7e07a49..e769599 100644
--- a/src/service.js
+++ b/src/service.js
@@ -171,9 +171,9 @@ class Service extends Dingus {
 
     this.setResponseType(this.responseTypes, req, res, ctx);
 
-    await this.authenticator.sessionRequired(req, res, ctx, this.loginPath);
-
-    await this.manager.getAdminOverview(res, ctx);
+    if (await this.authenticator.sessionRequired(req, res, ctx, this.loginPath)) {
+      await this.manager.getAdminOverview(res, ctx);
+    }
   }
 
 
@@ -190,9 +190,9 @@ class Service extends Dingus {
 
     this.setResponseType(this.responseTypes, req, res, ctx);
 
-    await this.authenticator.sessionRequired(req, res, ctx, this.loginPath);
-
-    await this.manager.getTopicDetails(res, ctx);
+    if (await this.authenticator.sessionRequired(req, res, ctx, this.loginPath)) {
+      await this.manager.getTopicDetails(res, ctx);
+    }
   }
 
 
diff --git a/test/src/service.js b/test/src/service.js
index 9afaf13..62c0059 100644
--- a/test/src/service.js
+++ b/test/src/service.js
@@ -108,19 +108,33 @@ describe('Service', function () {
   }); // handlerGetHistorySVG
 
   describe('handlerGetAdminOverview', function () {
-    it('covers', async function () {
+    it('covers authenticated', async function () {
+      service.authenticator.sessionRequired.resolves(false);
+      await service.handlerGetAdminOverview(req, res, ctx);
+      assert(service.authenticator.sessionRequired.called);
+      assert(service.manager.getAdminOverview.notCalled);
+    });
+    it('covers unauthenticated', async function () {
+      service.authenticator.sessionRequired.resolves(true);
       await service.handlerGetAdminOverview(req, res, ctx);
       assert(service.authenticator.sessionRequired.called);
       assert(service.manager.getAdminOverview.called);
-    })
+    });
   }); // handlerGetAdminOverview
 
   describe('handlerGetAdminTopicDetails', function () {
-    it('covers', async function () {
+    it('covers unauthenticated', async function () {
+      service.authenticator.sessionRequired.resolves(false);
+      await service.handlerGetAdminTopicDetails(req, res, ctx);
+      assert(service.authenticator.sessionRequired.called);
+      assert(service.manager.getTopicDetails.notCalled);
+    });
+    it('covers authenticated', async function () {
+      service.authenticator.sessionRequired.resolves(true);
       await service.handlerGetAdminTopicDetails(req, res, ctx);
       assert(service.authenticator.sessionRequired.called);
       assert(service.manager.getTopicDetails.called);
-    })
+    });
   }); // handlerGetAdminTopicDetails
 
   describe('handlerPostAdminProcess', function () {