Ghost/test/regression/api/admin/utils.js

const url = require('url');
const testUtils = require('../../../utils');

const API_URL = '/ghost/api/admin/';

const expectedProperties = {
    posts: ['posts', 'meta'],
    tags: ['tags', 'meta'],
    users: ['users', 'meta'],
    settings: ['settings', 'meta'],
    roles: ['roles'],
    pagination: ['page', 'limit', 'pages', 'total', 'next', 'prev'],
    slugs: ['slugs'],
    slug: ['slug'],
    invites: ['invites', 'meta'],
    themes: ['themes'],
    members: ['members', 'meta'],
    site: [
        'title',
        'description',
        'logo',
        'icon',
        'accent_color',
        'url',
        'version'
    ],
    post: [
        'id',
        'uuid',
        'title',
        'slug',
        'mobiledoc',
        'comment_id',
        'feature_image',
        'feature_image_alt',
        'feature_image_caption',
        'featured',
        'status',
        'visibility',
        'email_segment',
        'created_at',
        'updated_at',
        'published_at',
        'custom_excerpt',
        'codeinjection_head',
        'codeinjection_foot',
        'custom_template',
        'canonical_url',
        'url',
        'primary_tag',
        'primary_author',
        'excerpt',
        'tags',
        'authors',
        'email',
        'og_image',
        'og_title',
        'og_description',
        'twitter_image',
        'twitter_title',
        'twitter_description',
        'meta_title',
        'meta_description',
        'email_subject',
        'frontmatter',
        'email_only',
        'tiers',
        'newsletter'
    ],
    user: [
        'id',
        'name',
        'slug',
        'email',
        'profile_image',
        'cover_image',
        'bio',
        'website',
        'location',
        'facebook',
        'twitter',
        'accessibility',
        'status',
        'meta_title',
        'meta_description',
        'tour',
        'last_seen',
        'created_at',
        'updated_at',
        'url'
    ],
    tag: [
        'id',
        'name',
        'slug',
        'description',
        'feature_image',
        'visibility',
        'og_image',
        'og_title',
        'og_description',
        'twitter_image',
        'twitter_title',
        'twitter_description',
        'meta_title',
        'meta_description',
        'codeinjection_head',
        'codeinjection_foot',
        'canonical_url',
        'accent_color',
        'created_at',
        'updated_at'
    ],
    setting: [
        'id',
        'group',
        'key',
        'value',
        'type',
        'flags',
        'created_at',
        'updated_at'
    ],

    member: [
        'id',
        'uuid',
        'email',
        'status',
        'name',
        'note',
        'geolocation',
        'subscribed',
        'email_count',
        'email_opened_count',
        'email_open_rate',
        'created_at',
        'updated_at',
        'avatar_image',
        'labels',
        'comped'
    ],
    member_signin_url: ['member_id', 'url'],
    role: ['id', 'name', 'description', 'created_at', 'updated_at'],
    permission: [
        'id',
        'name',
        'object_type',
        'action_type',
        'object_id',
        'created_at',
        'updated_at'
    ],
    notification: [
        'type',
        'message',
        'status',
        'id',
        'dismissible',
        'location',
        'custom'
    ],
    theme: ['name', 'package', 'active'],
    invite: [
        'id',
        'role_id',
        'status',
        'email',
        'expires',
        'created_at',
        'updated_at'
    ],
    webhook: [
        'id',
        'event',
        'target_url',
        'name',
        'secret',
        'api_version',
        'integration_id',
        'last_triggered_at',
        'last_triggered_status',
        'last_triggered_error',
        'created_at',
        'updated_at'
    ],
    email_previews: ['html', 'subject', 'plaintext']
};

module.exports = {
    API: {
        getApiQuery(route) {
            return url.resolve(API_URL, route);
        },

        checkResponse(...args) {
            this.expectedProperties = expectedProperties;
            return testUtils.API.checkResponse.call(this, ...args);
        }
    },

    doAuth(...args) {
        return testUtils.API.doAuth(`${API_URL}session/`, ...args);
    },

    async startGhost(overrides = {}) {
        const defaults = {
            backend: true,
            frontend: false
        };

        return await testUtils.startGhost(Object.assign(defaults, overrides));
    },

    getValidAdminToken(endpoint, key) {
        const jwt = require('jsonwebtoken');
        key = key || testUtils.DataGenerator.Content.api_keys[0];

        const JWT_OPTIONS = {
            keyid: key.id,
            algorithm: 'HS256',
            expiresIn: '5m',
            audience: endpoint
        };

        return jwt.sign(
            {},
            Buffer.from(key.secret, 'hex'),
            JWT_OPTIONS
        );
    }
};
Added unit and regression tests for canary no issue Adds unit and regression test for new canary endpoint, currently replicating v2 2019-08-09 17:25:12 +03:00			`const url = require('url');`
Removed canary folder from regression tests - we no longer have any concept of testing other versions than canary, therefore this folder doesn't mean anything 2022-02-06 19:18:41 +03:00			`const testUtils = require('../../../utils');`
Refactored post resource Admin API test utils refs https://github.com/TryGhost/Team/issues/687 - The approach of generating validation properties using `/server/data/schema` package's tables object is prone to leaking unwanted database fields into API responses - This refactor takes a tiny step into direction of relying on "allowlist" approach for properties in the API response resources. - Apart from solving the described property leak problem it also moves toward decoupling tests from `/core/server` dependencies! 2021-05-12 17:15:54 +03:00
Aliased canary endpoints to point to non-versioned URLs refs https://github.com/TryGhost/Toolbox/issues/169 - Before releasing Ghost v5 we would like to move all canary-related URLs to a non-versioned format, which will become a default in v5. - 'canary' is by definition unstable, so breaking any unprepared client explicitly using the canary is expected - Removed the aliased /content/ and /admin/ apps from app.js because with updated configuration they become duplicates of 'canary' endpoints 2022-03-11 14:27:43 +03:00			`const API_URL = '/ghost/api/admin/';`
Added unit and regression tests for canary no issue Adds unit and regression test for new canary endpoint, currently replicating v2 2019-08-09 17:25:12 +03:00
			`const expectedProperties = {`
			`posts: ['posts', 'meta'],`
			`tags: ['tags', 'meta'],`
			`users: ['users', 'meta'],`
			`settings: ['settings', 'meta'],`
			`roles: ['roles'],`
			`pagination: ['page', 'limit', 'pages', 'total', 'next', 'prev'],`
			`slugs: ['slugs'],`
			`slug: ['slug'],`
			`invites: ['invites', 'meta'],`
			`themes: ['themes'],`
✨ Added `?search=` param to Admin API members endpoint (#11854) no issue - adds `search` bookshelf plugin that calls out to an optional `searchQuery()` method on individual models to apply model-specific SQL conditions to queries - updated the base model's `findPage()` method to use the search plugin within `findPage` calls - added a `searchQuery` method to the `member` model that performs a basic `LIKE %query%` for both `name` and `email` columns - allowed the `?search=` parameter to pass through in the `options` object for member browse requests 2020-05-28 12:14:02 +03:00			`members: ['members', 'meta'],`
Updated dynamic whitelist from schema to static array no-issue This protects our tests against changes to the database schema, which helps us decouple the API from the database, and make tests less brittle. It also forces us to manually update the tests if we do make a change to the API! 2021-05-19 14:46:40 +03:00			`site: [`
			`'title',`
			`'description',`
			`'logo',`
			`'icon',`
			`'accent_color',`
			`'url',`
			`'version'`
			`],`
Refactored post resource Admin API test utils refs https://github.com/TryGhost/Team/issues/687 - The approach of generating validation properties using `/server/data/schema` package's tables object is prone to leaking unwanted database fields into API responses - This refactor takes a tiny step into direction of relying on "allowlist" approach for properties in the API response resources. - Apart from solving the described property leak problem it also moves toward decoupling tests from `/core/server` dependencies! 2021-05-12 17:15:54 +03:00			`post: [`
			`'id',`
			`'uuid',`
			`'title',`
			`'slug',`
			`'mobiledoc',`
			`'comment_id',`
			`'feature_image',`
Added `posts_meta.feature_image_{alt,caption}` columns (#13030) refs https://github.com/TryGhost/Team/issues/770 We want post feature image functionality to better match what's available inside the editor, to do that we'll need somewhere to store alt and caption meta data. `posts_meta` chosen because even though we want to make this generic for other tables in the future those tables also have a `feature_image` (or closely related) field. - updated schema with new columns - added migration to create columns - cleaned new columns from API output - not output on v2/v3 - conditionally output on v4/canary output based on labs flag - bumped `@tryghost/admin-api-schema` to allow new columns through in canary API requests - silently clean properties from input when labs flag is disabled - updated acceptance tests so they fail if `admin-api-schema` is not letting the new fields through 2021-06-10 22:35:56 +03:00			`'feature_image_alt',`
			`'feature_image_caption',`
Refactored post resource Admin API test utils refs https://github.com/TryGhost/Team/issues/687 - The approach of generating validation properties using `/server/data/schema` package's tables object is prone to leaking unwanted database fields into API responses - This refactor takes a tiny step into direction of relying on "allowlist" approach for properties in the API response resources. - Apart from solving the described property leak problem it also moves toward decoupling tests from `/core/server` dependencies! 2021-05-12 17:15:54 +03:00			`'featured',`
			`'status',`
			`'visibility',`
Renamed newsletter_id and email_recipient_filter options (#14798) refs https://github.com/TryGhost/Team/issues/1596 - Renamed `newsletter_id` to `newsletter` option, the `newsletter` option expects a slug instead of an id - Renamed `email_recipient_filter` to `email_segment` option - Default `email_segment` to `all`. Ignored if no newsletter is set - `email_segment` is ignored if no newsletter is set - When reverting a post to a draft, both `newsletter` and `email_segment` are reset to their default values (null, all) - Removed legacy mapping from old email_recipient_filter values 'paid' and 'free' (already a migration in place) - Dropped legacy throwing errors when email_recipient_filter is paid or free in transformEmailRecipientFilter - Reorganized transformEmailRecipientFilter parameters for the now required newsletter parameter - Fixed an issue where the newsletter filter wasn't working because it wasn't in permittedoptions - Fixed an issue where you could send to an archived newsletter - Added an extra protection when scheduling to an active, and later archiving the newsletter - Dropped support for `send_email_when_published` in API - When importing posts we currently don't have a system in place to set the newsletter_id to map the `send_email_when_published` behaviour. Since this was already the case, I won't include a fix in this PR. - Stripped `email_recipient_filter`/`email_segment` from Content API (https://ghost.slack.com/archives/C02G9E68C/p1652363211841359?thread_ts=1650623650.233229&cid=C02G9E68C) - Updated `admin-api-schema` to 3.2.0, which includes the new email_segment property - Contains a temporary fix for https://github.com/TryGhost/Team/issues/1626, where the `.related('newsletter').fetch` call fails when the newsletter relation is already loaded, because of the overridden `formatOnWrite` method. Since the `email_recipient_filter` is no longer used without a newsletter, the `none` value is no longer used. A migration transforms all those values to `all`. This should be safe, because we only send an email now when newsletter_id is not null (scheduled posts should already have a newsletter_id, even if at the time of scheduling they didn't add the newsletter_id option, because at that time, we defaulted to the default newsletter). Admin changes to make this work: https://github.com/TryGhost/Admin/pull/2380 2022-05-16 11:18:04 +03:00			`'email_segment',`
Refactored post resource Admin API test utils refs https://github.com/TryGhost/Team/issues/687 - The approach of generating validation properties using `/server/data/schema` package's tables object is prone to leaking unwanted database fields into API responses - This refactor takes a tiny step into direction of relying on "allowlist" approach for properties in the API response resources. - Apart from solving the described property leak problem it also moves toward decoupling tests from `/core/server` dependencies! 2021-05-12 17:15:54 +03:00			`'created_at',`
			`'updated_at',`
			`'published_at',`
			`'custom_excerpt',`
			`'codeinjection_head',`
			`'codeinjection_foot',`
			`'custom_template',`
			`'canonical_url',`
			`'url',`
			`'primary_tag',`
			`'primary_author',`
			`'excerpt',`
			`'tags',`
			`'authors',`
			`'email',`
			`'og_image',`
			`'og_title',`
			`'og_description',`
			`'twitter_image',`
			`'twitter_title',`
			`'twitter_description',`
			`'meta_title',`
			`'meta_description',`
			`'email_subject',`
Added email_only property in Posts Admin API v4 https://github.com/TryGhost/Team/issues/893 - The property is only added to Admin API v4 and is invisible in all Content APIs as well as v2/v3 Posts APIs 2021-08-04 14:00:32 +03:00			`'frontmatter',`
Updated admin api schema to include tiers for post/page refs TryGhost/Team#1071 - new `tiers` key is now attached to posts/pages API response to include tiers visibility - updates expected response for post/page in tests to include `tiers` 2022-01-31 10:49:46 +03:00			`'email_only',`
Moved to using newsletter design settings in email serializer (#14562) refs https://github.com/TryGhost/Team/issues/1550 - Switched to using the newsletter design settings over the global settings - Made the `newsletter_id` property available in the Admin API Post resource - Added the `showHeaderName` variable that can be used in the post html template 2022-04-26 14:01:27 +03:00			`'tiers',`
Included newsletter relation by default in posts (#14723) refs https://github.com/TryGhost/Team/issues/1569 Changes in admin-api-schema: - https://github.com/TryGhost/SDK/compare/%40tryghost/admin-api-schema%402.14.1...%40tryghost/admin-api-schema%402.15.0 - Ignore `newsletter` when used in input Changes - Added the `newsletter` relation as a default include for posts - Removed the newsletter_id from the API output Tests - Test the newsletter relation is always loaded for browse, read, add and edit, unless the include option is added explicitly Co-authored-by: Matt Hanley <git@matthanley.co.uk> 2022-05-09 12:06:59 +03:00			`'newsletter'`
Refactored post resource Admin API test utils refs https://github.com/TryGhost/Team/issues/687 - The approach of generating validation properties using `/server/data/schema` package's tables object is prone to leaking unwanted database fields into API responses - This refactor takes a tiny step into direction of relying on "allowlist" approach for properties in the API response resources. - Apart from solving the described property leak problem it also moves toward decoupling tests from `/core/server` dependencies! 2021-05-12 17:15:54 +03:00			`],`
Updated dynamic whitelist from schema to static array no-issue This protects our tests against changes to the database schema, which helps us decouple the API from the database, and make tests less brittle. It also forces us to manually update the tests if we do make a change to the API! 2021-05-19 14:46:40 +03:00			`user: [`
			`'id',`
			`'name',`
			`'slug',`
			`'email',`
			`'profile_image',`
			`'cover_image',`
			`'bio',`
			`'website',`
			`'location',`
			`'facebook',`
			`'twitter',`
			`'accessibility',`
			`'status',`
			`'meta_title',`
			`'meta_description',`
			`'tour',`
			`'last_seen',`
			`'created_at',`
			`'updated_at',`
			`'url'`
			`],`
			`tag: [`
			`'id',`
			`'name',`
			`'slug',`
			`'description',`
			`'feature_image',`
			`'visibility',`
			`'og_image',`
			`'og_title',`
			`'og_description',`
			`'twitter_image',`
			`'twitter_title',`
			`'twitter_description',`
			`'meta_title',`
			`'meta_description',`
			`'codeinjection_head',`
			`'codeinjection_foot',`
			`'canonical_url',`
			`'accent_color',`
			`'created_at',`
			`'updated_at'`
			`],`
			`setting: [`
			`'id',`
			`'group',`
			`'key',`
			`'value',`
			`'type',`
			`'flags',`
			`'created_at',`
			`'updated_at'`
			`],`
Refactored post resource Admin API test utils refs https://github.com/TryGhost/Team/issues/687 - The approach of generating validation properties using `/server/data/schema` package's tables object is prone to leaking unwanted database fields into API responses - This refactor takes a tiny step into direction of relying on "allowlist" approach for properties in the API response resources. - Apart from solving the described property leak problem it also moves toward decoupling tests from `/core/server` dependencies! 2021-05-12 17:15:54 +03:00
Updated dynamic whitelist from schema to static array no-issue This protects our tests against changes to the database schema, which helps us decouple the API from the database, and make tests less brittle. It also forces us to manually update the tests if we do make a change to the API! 2021-05-19 14:46:40 +03:00			`member: [`
			`'id',`
			`'uuid',`
			`'email',`
			`'status',`
			`'name',`
			`'note',`
			`'geolocation',`
			`'subscribed',`
			`'email_count',`
			`'email_opened_count',`
			`'email_open_rate',`
			`'created_at',`
			`'updated_at',`
			`'avatar_image',`
🐛 Fixed saving Members with Complimentary plans (#13008) * 🐛 Fixed saving Members with Complimentary plans refs https://github.com/TryGhost/Team/issues/758 Since 4.6 The Admin is using the comped flag again, rather than creating subscriptions for zero-amount prices directly. With the `comped` flag removed, the default state was for it to be falsy in the Admin, and when saved would trigger the legacy comped flow, cancelling the subscription. This reverts commit 57a176ff3d18b58db635d20d397412741b53a627. 2021-06-03 20:28:14 +03:00			`'labels',`
			`'comped'`
Updated dynamic whitelist from schema to static array no-issue This protects our tests against changes to the database schema, which helps us decouple the API from the database, and make tests less brittle. It also forces us to manually update the tests if we do make a change to the API! 2021-05-19 14:46:40 +03:00			`],`
✨ Added member login resource to Admin API (#11607) no issue - Adds 'GET /members/:id/signin_urls' endpoint to Admin API allowing to fetch login URL for member. This URL allows to log in as a member which is useful in situations when you need to impersonate a member (for example to debug some issue they are having) - Added member_signin_urls permission with migrations. Only the "Owner" user can read "signin_urls" resource. Admin and other users will be denied access 2020-02-27 06:48:02 +03:00			`member_signin_url: ['member_id', 'url'],`
Updated dynamic whitelist from schema to static array no-issue This protects our tests against changes to the database schema, which helps us decouple the API from the database, and make tests less brittle. It also forces us to manually update the tests if we do make a change to the API! 2021-05-19 14:46:40 +03:00			`role: ['id', 'name', 'description', 'created_at', 'updated_at'],`
			`permission: [`
			`'id',`
			`'name',`
			`'object_type',`
			`'action_type',`
			`'object_id',`
			`'created_at',`
			`'updated_at'`
			`],`
			`notification: [`
			`'type',`
			`'message',`
			`'status',`
			`'id',`
			`'dismissible',`
			`'location',`
			`'custom'`
			`],`
Added unit and regression tests for canary no issue Adds unit and regression test for new canary endpoint, currently replicating v2 2019-08-09 17:25:12 +03:00			`theme: ['name', 'package', 'active'],`
Updated dynamic whitelist from schema to static array no-issue This protects our tests against changes to the database schema, which helps us decouple the API from the database, and make tests less brittle. It also forces us to manually update the tests if we do make a change to the API! 2021-05-19 14:46:40 +03:00			`invite: [`
			`'id',`
			`'role_id',`
			`'status',`
			`'email',`
			`'expires',`
			`'created_at',`
			`'updated_at'`
			`],`
			`webhook: [`
			`'id',`
			`'event',`
			`'target_url',`
			`'name',`
			`'secret',`
			`'api_version',`
			`'integration_id',`
			`'last_triggered_at',`
			`'last_triggered_status',`
			`'last_triggered_error',`
			`'created_at',`
			`'updated_at'`
			`],`
Renamed `email-preview` file to `email-previews` refs https://github.com/TryGhost/Toolbox/issues/308 - I recently pluralised the API endpoint but never made the changes to the controller file and everywhere else it's needed - this commit cleans up that inconsistency so it should be clearer 2022-04-25 20:38:46 +03:00			`email_previews: ['html', 'subject', 'plaintext']`
Added unit and regression tests for canary no issue Adds unit and regression test for new canary endpoint, currently replicating v2 2019-08-09 17:25:12 +03:00			`};`

			`module.exports = {`
			`API: {`
			`getApiQuery(route) {`
			`return url.resolve(API_URL, route);`
			`},`

			`checkResponse(...args) {`
			`this.expectedProperties = expectedProperties;`
			`return testUtils.API.checkResponse.call(this, ...args);`
			`}`
			`},`

			`doAuth(...args) {`
			return testUtils.API.doAuth(`${API_URL}session/`, ...args);
			`},`

Switched API regression tests to use frontendless boot refs https://github.com/TryGhost/Toolbox/issues/138 - The boot oprimization gives a boost in the boot time, which should save time running regression tests 2021-11-24 16:29:45 +03:00			`async startGhost(overrides = {}) {`
			`const defaults = {`
			`backend: true,`
			`frontend: false`
			`};`

			`return await testUtils.startGhost(Object.assign(defaults, overrides));`
			`},`

Added unit and regression tests for canary no issue Adds unit and regression test for new canary endpoint, currently replicating v2 2019-08-09 17:25:12 +03:00			`getValidAdminToken(endpoint, key) {`
			`const jwt = require('jsonwebtoken');`
			`key = key \|\| testUtils.DataGenerator.Content.api_keys[0];`

			`const JWT_OPTIONS = {`
			`keyid: key.id,`
			`algorithm: 'HS256',`
			`expiresIn: '5m',`
			`audience: endpoint`
			`};`

			`return jwt.sign(`
			`{},`
			`Buffer.from(key.secret, 'hex'),`
			`JWT_OPTIONS`
			`);`
			`}`
			`};`