TREK/server/tests/unit/nest at 37f1fff3670f137efd8e884933a065dce7e24e84 - TREK

k1nq/TREK

mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-30 18:46:00 +00:00

Files

T

Maurice 03cdb4d276 fix(files): reject cross-trip reservation/place/assignment links

A member of one trip could point a file at a reservation, place or
day-assignment belonging to another, private trip — on upload, on a
metadata update, or through the file-link endpoint. The reservation join
in the file list and the links list then returned that trip's reservation
title, disclosing it across the trip boundary and letting an attacker
enumerate foreign reservation titles by their id.

The file already had to belong to the caller's trip; now the linked
reservation/place/assignment must too. findForeignLinkTarget checks each
supplied id against the trip (assignments via day -> trip) and the upload,
update and link handlers reject a cross-trip reference with 400 before it
is stored. Same-trip links and clearing a link are unchanged.

2026-06-27 20:14:52 +02:00

accommodations.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

addons.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

addons.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

admin.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

airports.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

assignments.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

atlas.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

auth-guard.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

auth.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

backup.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

budget.controller.test.ts

fix(costs): freeze the FX rate so settled expenses don't reopen when rates drift (#1335 )

2026-06-27 20:14:52 +02:00

budget.service.test.ts

fix(costs): freeze the FX rate so settled expenses don't reopen when rates drift (#1335 )

2026-06-27 20:14:52 +02:00

categories.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

collab.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

config.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

database-service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

days.controller.test.ts

test(days): bump over-long-time assertion to the new 250 limit (#1252 )

2026-06-23 21:23:39 +02:00

exception-filter.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

files.controller.test.ts

fix(files): reject cross-trip reservation/place/assignment links

2026-06-27 20:14:52 +02:00

files.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

health.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

health.di.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

idempotency.interceptor.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

journey.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

maps.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

maps.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

memories.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

memories.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

notifications.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

oauth.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

oauth.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

oidc.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

oidc.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

packing.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

packing.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

places.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

platform.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

reservations.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

reservations.service.test.ts

v3.1.1 bug fixes (#1228 )

2026-06-18 20:13:30 +02:00

settings.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

share.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

share.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

system-notices.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

tags.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

todo.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

trips.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

trips.service.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

vacay.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

weather.controller.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

wiring.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00

zod-pipe.test.ts

Release 3.1.0 (#1185 )

2026-06-16 22:22:45 +02:00