TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-18 07:51:55 +03:00
Code Issues Projects Releases Wiki Activity
5f7182b7a2
Ghost/core/test/functional/routes/admin_test.js

372 lines
13 KiB
JavaScript
Raw Normal View History

Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
/*global describe, it, before, after */
// # Frontend Route tests
// As it stands, these tests depend on the database, and as such are integration tests.
// Mocking out the models to not touch the DB would turn these into unit tests, and should probably be done in future,
// But then again testing real code, rather than mock code, might be more useful...
var request = require('supertest'),
Server start refactor, route tests use ghost app closes #2442, issue #2182 - Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed - Updated travis config to set node env - Updated example config to be less travis-specific - Route tests updated to use this new functionality - Grunt test-routes simplified
2014-03-25 16:42:52 +04:00
express = require('express'),
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
should = require('should'),
moment = require('moment'),
testUtils = require('../../utils'),
Server start refactor, route tests use ghost app closes #2442, issue #2182 - Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed - Updated travis config to set node env - Updated example config to be less travis-specific - Route tests updated to use this new functionality - Grunt test-routes simplified
2014-03-25 16:42:52 +04:00
ghost = require('../../../../core'),
httpServer,
Redirect from admin editor to frontend post view closes #2628 - added /view/ route to the editor. if /view/ is appended to the url of a post being edited a redirect to the frontend will occur - updated controller to check for /view/ and built the correct url for the post - added test for the new route
2014-05-01 05:50:24 +04:00
agent = request.agent,
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
ONE_HOUR_S = 60 * 60,
ONE_YEAR_S = 365 * 24 * ONE_HOUR_S,
cacheRules = {
'public': 'public, max-age=0',
'hour': 'public, max-age=' + ONE_HOUR_S,
'year': 'public, max-age=' + ONE_YEAR_S,
'private': 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
};
describe('Admin Routing', function () {
function doEnd(done) {
return function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
should.not.exist(res.headers['X-CSRF-Token']);
should.exist(res.headers['set-cookie']);
should.exist(res.headers.date);
done();
};
}
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/
2014-03-24 01:49:43 +04:00
function doEndNoAuth(done) {
return function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
should.not.exist(res.headers['X-CSRF-Token']);
should.not.exist(res.headers['set-cookie']);
should.exist(res.headers.date);
done();
};
}
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
before(function (done) {
Server start refactor, route tests use ghost app closes #2442, issue #2182 - Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed - Updated travis config to set node env - Updated example config to be less travis-specific - Route tests updated to use this new functionality - Grunt test-routes simplified
2014-03-25 16:42:52 +04:00
var app = express();
ghost({app: app}).then(function (_httpServer) {
// Setup the request object with the ghost express app
httpServer = _httpServer;
request = request(app);
testUtils.clearData().then(function () {
// we initialise data, but not a user. No user should be required for navigating the frontend
return testUtils.initData();
}).then(function () {
done();
updated error handling on all mocha tests - switch to using catch - added error handling where missing
2014-05-06 00:58:58 +04:00
}).catch(done);
Server start refactor, route tests use ghost app closes #2442, issue #2182 - Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed - Updated travis config to set node env - Updated example config to be less travis-specific - Route tests updated to use this new functionality - Grunt test-routes simplified
2014-03-25 16:42:52 +04:00
}).otherwise(function (e) {
console.log('Ghost Error: ', e);
console.log(e.stack);
});
});
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
Server start refactor, route tests use ghost app closes #2442, issue #2182 - Server start refactored - messaging is just messaging, deferred resolves the httpserver so that the connection can be closed - Updated travis config to set node env - Updated example config to be less travis-specific - Route tests updated to use this new functionality - Grunt test-routes simplified
2014-03-25 16:42:52 +04:00
after(function () {
httpServer.close();
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
});
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/
2014-03-24 01:49:43 +04:00
describe('Legacy Redirects', function () {
it('should redirect /logout/ to /ghost/signout/', function (done) {
request.get('/logout/')
.expect('Location', '/ghost/signout/')
.expect('Cache-Control', cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
it('should redirect /signout/ to /ghost/signout/', function (done) {
request.get('/signout/')
.expect('Location', '/ghost/signout/')
.expect('Cache-Control', cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
it('should redirect /signin/ to /ghost/signin/', function (done) {
request.get('/signin/')
.expect('Location', '/ghost/signin/')
.expect('Cache-Control', cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
it('should redirect /signup/ to /ghost/signup/', function (done) {
request.get('/signup/')
.expect('Location', '/ghost/signup/')
.expect('Cache-Control', cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
});
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
// we'll use X-Forwarded-Proto: https to simulate an 'https://' request behind a proxy
describe('Require HTTPS - no redirect', function() {
var forkedGhost, request;
before(function (done) {
var configTestHttps = testUtils.fork.config();
configTestHttps.forceAdminSSL = {redirect: false};
configTestHttps.urlSSL = 'https://localhost/';
testUtils.fork.ghost(configTestHttps, 'testhttps')
.then(function(child) {
forkedGhost = child;
request = require('supertest');
request = request(configTestHttps.url.replace(/\/$/, ''));
updated error handling on all mocha tests - switch to using catch - added error handling where missing
2014-05-06 00:58:58 +04:00
}).then(done)
.catch(done);
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
});
after(function (done) {
if (forkedGhost) {
forkedGhost.kill(done);
}
});
it('should block admin access over non-HTTPS', function(done) {
request.get('/ghost/')
.expect(403)
.end(done);
});
it('should allow admin access over HTTPS', function(done) {
request.get('/ghost/signup/')
.set('X-Forwarded-Proto', 'https')
.expect(200)
.end(doEnd(done));
});
});
describe('Require HTTPS - redirect', function() {
var forkedGhost, request;
before(function (done) {
var configTestHttps = testUtils.fork.config();
configTestHttps.forceAdminSSL = {redirect: true};
configTestHttps.urlSSL = 'https://localhost/';
testUtils.fork.ghost(configTestHttps, 'testhttps')
.then(function(child) {
forkedGhost = child;
request = require('supertest');
request = request(configTestHttps.url.replace(/\/$/, ''));
updated error handling on all mocha tests - switch to using catch - added error handling where missing
2014-05-06 00:58:58 +04:00
}).then(done)
.catch(done);
Support for urlSSL config option and forceAdminSSL 403 response closes #1838 - adding `forceAdminSSL: {redirect: true/false}` option to allow 403 over non-SSL rather than redirect - adding `urlSSL` option to specify SSL variant of `url` - using `urlSSL` when redirecting to SSL (forceAdminSSL), if specified - dynamically patching `.url` property for view engine templates to use SSL variant over HTTPS connections (pass `.secure` property as view engine data) - using `urlSSL` in a "reset password" email, if specified - adding unit tests to test `forceAdminSSL` and `urlSSL` options - created a unit test utility function to dynamically fork a new instance of Ghost during the test, with different configuration options
2014-02-22 05:25:31 +04:00
});
after(function (done) {
if (forkedGhost) {
forkedGhost.kill(done);
}
});
it('should redirect admin access over non-HTTPS', function(done) {
request.get('/ghost/')
.expect('Location', /^https:\/\/localhost\/ghost\//)
.expect(301)
.end(done);
});
it('should allow admin access over HTTPS', function(done) {
request.get('/ghost/signup/')
.set('X-Forwarded-Proto', 'https')
.expect(200)
.end(done);
});
});
Redirect feed -> rss closes #2261 - reserved 'feed' in the list of reserved keywords for slugs - added a 301 redirect from /feed/ to /rss/ - added a route test, and realised that standard express redirects don't get the right headers - fixed the headers across all 301 redirects & added tests for the admin redirects - removed the redirect from /ghost/login/ to /ghost/signin/ as this happens automatically if you're logged out, and isn't very useful if you're logged in as it just redirects again to /ghost/
2014-03-24 01:49:43 +04:00
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
describe('Ghost Admin Signup', function () {
it('should have a session cookie which expires in 12 hours', function (done) {
request.get('/ghost/signup/')
.end(function firstRequest(err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
should.not.exist(res.headers['X-CSRF-Token']);
should.exist(res.headers['set-cookie']);
should.exist(res.headers.date);
var expires;
// Session should expire 12 hours after the time in the date header
Fixes admin session cookie test - Currently the test is taking the response date which is in UTC and passes it through moment() which by default parses input as local time. We then add 12 hours to this now local time and when compared against the response set-cookie header the time spread is wrong. - To fix we’re parsing the response date with moment.utc which parses the date in UTC.
2014-01-03 06:06:23 +04:00
expires = moment.utc(res.headers.date).add('Hours', 12).format("ddd, DD MMM YYYY HH:mm");
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
expires = new RegExp("Expires=" + expires);
res.headers['set-cookie'].should.match(expires);
done();
});
});
/ghost/reset/* should not redirect to signin fixes #2257
2014-02-25 14:20:32 +04:00
it('should redirect from /ghost/ to /ghost/signin/ when no user', function (done) {
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
request.get('/ghost/')
Make session expiry less arsey closes #2171 - added authentication middleware - removed authentication from routes - moved authentication before CSRF validation - moved caching rules before authentication - changed/added test
2014-02-14 14:00:11 +04:00
.expect('Location', /ghost\/signin/)
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
.expect('Cache-Control', cacheRules['private'])
.expect(302)
.end(doEnd(done));
});
/ghost/reset/* should not redirect to signin fixes #2257
2014-02-25 14:20:32 +04:00
it('should redirect from /ghost/signin/ to /ghost/signup/ when no user', function (done) {
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
request.get('/ghost/signin/')
.expect('Location', /ghost\/signup/)
.expect('Cache-Control', cacheRules['private'])
.expect(302)
.end(doEnd(done));
});
/ghost/reset/* should not redirect to signin fixes #2257
2014-02-25 14:20:32 +04:00
it('should respond with html for /ghost/signup/', function (done) {
Cache control headers & query string asset management closes #1470 issue #1405 - added cache control middleware - added defaults for all routes, assets, etc - updated asset helper to add a query string with a timestamp hash to all assets - added unit tests for asset and ghostScriptTags helpers - added cache-control checks to route tests
2013-12-31 03:13:25 +04:00
request.get('/ghost/signup/')
.expect('Content-Type', /html/)
.expect('Cache-Control', cacheRules['private'])
.expect(200)
.end(doEnd(done));
});
// Add user
// it('should redirect from /ghost/signup to /ghost/signin with user', function (done) {
// done();
// });
// it('should respond with html for /ghost/signin', function (done) {
// done();
// });
// Do Login
// it('should redirect from /ghost/signup to /ghost/ when logged in', function (done) {
// done();
// });
// it('should redirect from /ghost/signup to /ghost/ when logged in', function (done) {
// done();
// });
});
/ghost/reset/* should not redirect to signin fixes #2257
2014-02-25 14:20:32 +04:00
describe('Ghost Admin Forgot Password', function () {
it('should respond with html for /ghost/forgotten/', function (done) {
request.get('/ghost/forgotten/')
.expect('Content-Type', /html/)
.expect('Cache-Control', cacheRules['private'])
.expect(200)
.end(doEnd(done));
});
it('should respond 404 for /ghost/reset/', function (done) {
request.get('/ghost/reset/')
Do not cache 404 pages closes #2334 - remove call to set cache-control in 404 response header - update unit tests to expect this Fix up unit tests
2014-03-05 07:22:00 +04:00
.expect('Cache-Control', cacheRules['private'])
/ghost/reset/* should not redirect to signin fixes #2257
2014-02-25 14:20:32 +04:00
.expect(404)
.expect(/Page Not Found/)
.end(doEnd(done));
});
it('should redirect /ghost/reset/*/', function (done) {
request.get('/ghost/reset/athing/')
.expect('Location', /ghost\/forgotten/)
.expect('Cache-Control', cacheRules['private'])
.expect(302)
.end(doEnd(done));
});
});
Do not cache 404 pages closes #2334 - remove call to set cache-control in 404 response header - update unit tests to expect this Fix up unit tests
2014-03-05 07:22:00 +04:00
});
Redirect from admin editor to frontend post view closes #2628 - added /view/ route to the editor. if /view/ is appended to the url of a post being edited a redirect to the frontend will occur - updated controller to check for /view/ and built the correct url for the post - added test for the new route
2014-05-01 05:50:24 +04:00
describe('Authenticated Admin Routing', function () {
var user = testUtils.DataGenerator.forModel.users[0],
csrfToken = '';
before(function (done) {
var app = express();
ghost({app: app}).then(function (_httpServer) {
httpServer = _httpServer;
request = agent(app);
testUtils.clearData()
.then(function () {
return testUtils.initData();
})
.then(function () {
return testUtils.insertDefaultFixtures();
})
.then(function () {
request.get('/ghost/signin/')
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
var pattern_meta = /<meta.*?name="csrf-param".*?content="(.*?)".*?>/i;
pattern_meta.should.exist;
csrfToken = res.text.match(pattern_meta)[1];
process.nextTick(function() {
request.post('/ghost/signin/')
.set('X-CSRF-Token', csrfToken)
.send({email: user.email, password: user.password})
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
request.saveCookies(res);
request.get('/ghost/')
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
csrfToken = res.text.match(pattern_meta)[1];
done();
});
});
});
});
updated error handling on all mocha tests - switch to using catch - added error handling where missing
2014-05-06 00:58:58 +04:00
}).catch(done);
Redirect from admin editor to frontend post view closes #2628 - added /view/ route to the editor. if /view/ is appended to the url of a post being edited a redirect to the frontend will occur - updated controller to check for /view/ and built the correct url for the post - added test for the new route
2014-05-01 05:50:24 +04:00
}).otherwise(function (e) {
console.log('Ghost Error: ', e);
console.log(e.stack);
});
});
after(function () {
httpServer.close();
});
describe('Ghost Admin magic /view/ route', function () {
it('should redirect to the single post page on the frontend', function (done) {
request.get('/ghost/editor/1/view/')
.expect(302)
.expect('Location', '/welcome-to-ghost/')
.end(function (err, res) {
if (err) {
return done(err);
}
done();
});
});
});
});
Reference in New Issue Copy Permalink