SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity
Files
b39f9ecd2cdec4c2055da3f00e8761a01e1fce54
securebit-chat/tests/secure-chat-features.test.mjs
T
lockbitchat b39f9ecd2c
CodeQL Analysis / Analyze CodeQL (push) Waiting to run
Details
Deploy Application / deploy (push) Waiting to run
Details
Mirror to Codeberg / mirror (push) Waiting to run
Details
Mirror to PrivacyGuides / mirror (push) Waiting to run
Details
release: v4.8.20 secure chat tools — completed, fixed and polished 
Completes the messaging controls from v4.8.14 and fixes the bug that made them
appear broken for recipients.

Fixed:
- Per-message metadata was silently dropped for recipients. NotificationIntegration
  wrapped onMessage and deliverMessageToUI with 2-arg shims that called the
  originals without the 3rd argument (meta); with notifications enabled, view-once,
  disappearing timers and unsend all failed on the receiving side. Both wrappers
  now forward all arguments. Added tests/notification-meta-forwarding.test.mjs.
- Chat would not open after SAS: composer props were threaded into the wrong
  component (EnhancedConnectionSetup vs EnhancedChatInterface) -> ReferenceError
  nowTick on the verified re-render. Props moved to the chat component.

Changed:
- Code blocks: lightweight dependency-free syntax highlighting via React nodes
  (no innerHTML/remote scripts); code mode expands the input; copy auto-clears
  the clipboard after ~30s.
- View-once: configurable visible-after-open time (5s/15s/30s/1m) via meta.onceTtl.
- Disappearing timer: duration picker (Off/30s/5m/1h) instead of click-cycling.
- Composer toolbar moved next to "Send files"; borderless buttons, brand-orange
  active state; pickers open upward and are mobile-friendly.
- Sender bubble background lightened to rgba(249,115,22,0.05).

Removed:
- Panic wipe button (disconnect already wipes keys and clears session state).

Transport unchanged: per-message metadata travels inside the encrypted envelope,
whitelisted/bounded by _sanitizeMessageMeta. Full suite: 19 files, all passing.
Docs (README, CHANGELOG) updated; version bumped to 4.8.20.
2026-06-19 02:58:03 -04:00

103 lines
4.7 KiB
JavaScript
Raw Blame History

import assert from 'node:assert/strict';
// No DOM needed: we mock the incoming-chat sanitizer so DOMPurify/window are
// not required, and exercise the transport/meta plumbing directly.
globalThis.window = globalThis.window || {};
const { EnhancedSecureWebRTCManager } = await import('../src/network/EnhancedSecureWebRTCManager.js');
const P = EnhancedSecureWebRTCManager.prototype;
const T = EnhancedSecureWebRTCManager.MESSAGE_TYPES;
// ── _sanitizeMessageMeta: whitelist + bounds ────────────────────────────────
{
const ok = P._sanitizeMessageMeta.call({}, { mid: 'm_1-a', once: true, onceTtl: 15, ttl: 300, code: true });
assert.deepEqual(ok, { mid: 'm_1-a', code: true, once: true, onceTtl: 15, ttl: 300 });
// onceTtl is clamped to [1, 3600]; out-of-range is dropped.
assert.equal(P._sanitizeMessageMeta.call({}, { once: true, onceTtl: 99999 }).onceTtl, undefined);
assert.equal(P._sanitizeMessageMeta.call({}, { once: true, onceTtl: 30 }).onceTtl, 30);
// Junk and out-of-range values are stripped; with no valid keys -> null.
assert.equal(P._sanitizeMessageMeta.call({}, { foo: 1 }), null);
assert.equal(P._sanitizeMessageMeta.call({}, null), null);
assert.equal(P._sanitizeMessageMeta.call({}, { ttl: 999999 }), null); // above 24h cap
assert.equal(P._sanitizeMessageMeta.call({}, { ttl: 1 }), null); // below 5s floor
assert.equal(P._sanitizeMessageMeta.call({}, { once: 'yes' }), null); // must be exactly true
assert.deepEqual(P._sanitizeMessageMeta.call({}, { mid: 'bad id!@#' }), { mid: 'badid' }); // sanitized
}
// ── deliverMessageToUI forwards sanitized meta to onMessage ──────────────────
{
const calls = [];
const manager = {
_debugMode: false,
_secureLog() {},
_sanitizeIncomingChatMessage: (m) => m, // bypass DOMPurify in test
_sanitizeMessageMeta: P._sanitizeMessageMeta,
onMessage: (message, type, meta) => calls.push({ message, type, meta })
};
P.deliverMessageToUI.call(manager, 'hello', 'received', { once: true, ttl: 30, mid: 'm1', junk: 9 });
assert.equal(calls.length, 1);
assert.equal(calls[0].message, 'hello');
assert.equal(calls[0].type, 'received');
assert.deepEqual(calls[0].meta, { mid: 'm1', once: true, ttl: 30 });
// No meta -> onMessage gets undefined (backward compatible).
calls.length = 0;
P.deliverMessageToUI.call(manager, 'plain', 'received');
assert.equal(calls[0].meta, undefined);
}
// ── processMessage routes message_delete to onMessageDelete ──────────────────
{
const deleted = [];
const manager = {
_secureLog() {},
onMessageDelete: (id) => deleted.push(id)
};
await P.processMessage.call(
manager,
JSON.stringify({ type: T.MESSAGE_DELETE, data: { messageId: 'm_42' } })
);
assert.deepEqual(deleted, ['m_42']);
}
// ── live enhanced-message path delivers metadata to the UI ───────────────────
// This is the path real chat uses (dataChannel.onmessage -> _processEnhancedMessageWithoutMutex).
{
const envelope = JSON.stringify({ type: 'message', data: 'hi there', meta: { mid: 'm7', once: true, ttl: 30 } });
globalThis.window.EnhancedSecureCryptoUtils = {
decryptMessage: async () => ({ message: envelope })
};
const calls = [];
const manager = {
encryptionKey: {}, macKey: {}, metadataKey: {},
_secureLog() {},
_checkInboundRateLimit: () => true,
_sanitizeIncomingChatMessage: (m) => m,
_sanitizeMessageMeta: P._sanitizeMessageMeta,
onMessage: (message, type, meta) => calls.push({ message, type, meta }),
deliverMessageToUI: P.deliverMessageToUI
};
await P._processEnhancedMessageWithoutMutex.call(manager, { type: 'enhanced_message', data: 'enc' });
assert.equal(calls.length, 1);
assert.equal(calls[0].message, 'hi there');
assert.deepEqual(calls[0].meta, { mid: 'm7', once: true, ttl: 30 });
}
// ── sendMessageDelete emits a well-formed control message ────────────────────
{
const sent = [];
const manager = { sendSystemMessage: (m) => { sent.push(m); return true; } };
const result = P.sendMessageDelete.call(manager, 'm_99');
assert.equal(result, true);
assert.deepEqual(sent, [{ type: T.MESSAGE_DELETE, messageId: 'm_99' }]);
// Invalid ids are rejected without emitting anything.
sent.length = 0;
assert.equal(P.sendMessageDelete.call(manager, ''), false);
assert.equal(sent.length, 0);
}
console.log('Secure chat features tests passed');
Reference in New Issue View Git Blame Copy Permalink