This change improves privacy/security by ensuring all local storage (which includes settings, etc.) is destroyed on sign out or when revoking a remote session. Because signing out is now more "risky", the button has been moved to the settings along with other existing sessions.
This commit:
- Removes the power/sign-out icon from the sidebar footer (gives additional room for when the admin panel gets added)
- Adds a "Sign out" button next to the current session info in the settings session list
- Renames "Disconnect" buttons into "Revoke" to better clarify the intent (I will admit that I borrowed the wording from Telegram)
- Fixes incorrect `localStorage.remove` method
- Uses Sinon.js to mock wrappers for `window.localStorage` and `window.location` (does not mock those themselves, in the "Do not mock what you do not own" fashion, mock our layer instead). I expect we will be able to test a bit more from the UI with this. A good next candidate will be the `mockLogger` things.
Don't sort queries/users after special chans
Set all users in tests to be of type query
Add test for not inserting infront of lobby
Break after finding the index, otherwise it always adds it to the end
Add checking for lobby in first test
Fix off-by-one error on the frontend
Fix utterly idiotic issue adding a duplicate of the channel we are on rather than the new user when we query
Check that we always insert before first special chan
Despite being a bit gross to look at, this brings a few advantages:
- Tests are now closer to what actually runs, so more likely to find broken stuff.
- We can start using things that were so far Webpack-only or browser-only, like ES6 imports, loading Handlebars templates, etc.
- We open ourselves to browser testing (there is some work to do, but that would be a necessary step).
- We improve the client/server separation, by making it possible to run them independently
I do some extra steps around coverage: now we have 2 reports (client + server), so I have an extra step to combine them (the `nyc report` part). This is strictly to keep feature parity (the coverage report of this code is effectively the same as before), but in the near future, we might want to keep both reports separate, for example to continue separating client/server. Another reason would be to use something like Codecov, which I believe has the ability to have multiple reports. This is down the road though, our coverage is not good enough to make hosting them somewhere be useful (I think).
A few extras with this commit:
- Coverage summary is displayed when tests are run (this is not slowing down tests)
- Tests check for leaks (see https://mochajs.org/#--check-leaks)
- Tests now output with the `dot` reporter. This is nice as `npm test` runs in parallel, the whole output holds in a few lines instead of spanning over multiple screens.
Without this, going to `https://thelounge.example.com/index.html` would return the raw file. This now excludes it from the `public` folder so it cannot be rendered as is.
Renaming the file is for good measure, to indicate that this HTML file must be templated. Because it is a straight rename with no modification, rebasing PRs on it should not be to painful, as git re-applies changes on renamed files.
The biggest caveat is that JS code (such as functions) will not be interpreted as such, on purpose, for security precautions. If such thing is needed, then a configuration file must be used.
This has multiple benefits:
- Respects the "Do not mock what you do not own" principle, instead we mock `log.raw` when necessary
- Lets us not re-assign `console.log`, which breaks as Mocha uses `console.log` as well
- Save and restore initial `log.raw` in test hooks (before/after), otherwise this would break Mocha/Chai
I used `npm run coverage` while *not* excluding the test folder to detect dead code in our test folder, it is actually pretty useful to do so (as a one-shot, not to do that in our config).
Only remaining unreached path is L40 in `test/plugins/auth/ldap.js`, but it does seem to me that it might be useful in case of failures, so I preferred to leave it there.
