2013-12-31 03:13:25 +04:00
|
|
|
|
|
|
|
// # Frontend Route tests
|
|
|
|
// As it stands, these tests depend on the database, and as such are integration tests.
|
|
|
|
// Mocking out the models to not touch the DB would turn these into unit tests, and should probably be done in future,
|
|
|
|
// But then again testing real code, rather than mock code, might be more useful...
|
|
|
|
|
|
|
|
var request = require('supertest'),
|
|
|
|
should = require('should'),
|
|
|
|
|
|
|
|
testUtils = require('../../utils'),
|
2015-11-12 15:29:45 +03:00
|
|
|
ghost = require('../../../../core'),
|
|
|
|
i18n = require('../../../../core/server/i18n');
|
|
|
|
i18n.init();
|
2013-12-31 03:13:25 +04:00
|
|
|
|
|
|
|
describe('Admin Routing', function () {
|
|
|
|
function doEnd(done) {
|
|
|
|
return function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
should.exist(res.headers.date);
|
|
|
|
|
|
|
|
done();
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2014-03-24 01:49:43 +04:00
|
|
|
function doEndNoAuth(done) {
|
|
|
|
return function (err, res) {
|
|
|
|
if (err) {
|
|
|
|
return done(err);
|
|
|
|
}
|
|
|
|
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
should.exist(res.headers.date);
|
|
|
|
|
|
|
|
done();
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2013-12-31 03:13:25 +04:00
|
|
|
before(function (done) {
|
2014-09-19 20:17:58 +04:00
|
|
|
ghost().then(function (ghostServer) {
|
2014-03-25 16:42:52 +04:00
|
|
|
// Setup the request object with the ghost express app
|
2014-09-19 20:17:58 +04:00
|
|
|
request = request(ghostServer.rootApp);
|
2014-08-23 23:20:22 +04:00
|
|
|
|
|
|
|
done();
|
2014-08-17 10:17:23 +04:00
|
|
|
}).catch(function (e) {
|
2014-03-25 16:42:52 +04:00
|
|
|
console.log('Ghost Error: ', e);
|
|
|
|
console.log(e.stack);
|
2016-03-14 18:02:31 +03:00
|
|
|
done(e);
|
2014-03-25 16:42:52 +04:00
|
|
|
});
|
|
|
|
});
|
2013-12-31 03:13:25 +04:00
|
|
|
|
2014-08-23 23:20:22 +04:00
|
|
|
after(function (done) {
|
|
|
|
testUtils.clearData().then(function () {
|
|
|
|
done();
|
|
|
|
}).catch(done);
|
2013-12-31 03:13:25 +04:00
|
|
|
});
|
|
|
|
|
2014-03-24 01:49:43 +04:00
|
|
|
describe('Legacy Redirects', function () {
|
|
|
|
it('should redirect /logout/ to /ghost/signout/', function (done) {
|
|
|
|
request.get('/logout/')
|
|
|
|
.expect('Location', '/ghost/signout/')
|
2014-09-25 13:35:28 +04:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.year)
|
2014-03-24 01:49:43 +04:00
|
|
|
.expect(301)
|
|
|
|
.end(doEndNoAuth(done));
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should redirect /signout/ to /ghost/signout/', function (done) {
|
|
|
|
request.get('/signout/')
|
|
|
|
.expect('Location', '/ghost/signout/')
|
2014-09-25 13:35:28 +04:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.year)
|
2014-03-24 01:49:43 +04:00
|
|
|
.expect(301)
|
|
|
|
.end(doEndNoAuth(done));
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should redirect /signup/ to /ghost/signup/', function (done) {
|
|
|
|
request.get('/signup/')
|
|
|
|
.expect('Location', '/ghost/signup/')
|
2014-09-25 13:35:28 +04:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.year)
|
2014-03-24 01:49:43 +04:00
|
|
|
.expect(301)
|
|
|
|
.end(doEndNoAuth(done));
|
|
|
|
});
|
2014-07-14 16:29:45 +04:00
|
|
|
|
|
|
|
// Admin aliases
|
|
|
|
it('should redirect /signin/ to /ghost/', function (done) {
|
|
|
|
request.get('/signin/')
|
|
|
|
.expect('Location', '/ghost/')
|
2015-12-10 18:00:02 +03:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.year)
|
|
|
|
.expect(301)
|
2014-07-14 16:29:45 +04:00
|
|
|
.end(doEndNoAuth(done));
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should redirect /admin/ to /ghost/', function (done) {
|
|
|
|
request.get('/admin/')
|
|
|
|
.expect('Location', '/ghost/')
|
2015-12-10 18:00:02 +03:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.year)
|
|
|
|
.expect(301)
|
2014-07-14 16:29:45 +04:00
|
|
|
.end(doEndNoAuth(done));
|
|
|
|
});
|
2014-08-23 20:23:34 +04:00
|
|
|
|
|
|
|
it('should redirect /GHOST/ to /ghost/', function (done) {
|
|
|
|
request.get('/GHOST/')
|
|
|
|
.expect('Location', '/ghost/')
|
|
|
|
.expect(301)
|
|
|
|
.end(doEndNoAuth(done));
|
|
|
|
});
|
2014-03-24 01:49:43 +04:00
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
|
2014-02-22 05:25:31 +04:00
|
|
|
// we'll use X-Forwarded-Proto: https to simulate an 'https://' request behind a proxy
|
2014-09-03 19:42:55 +04:00
|
|
|
describe('Require HTTPS - no redirect', function () {
|
2014-02-22 05:25:31 +04:00
|
|
|
var forkedGhost, request;
|
|
|
|
before(function (done) {
|
|
|
|
var configTestHttps = testUtils.fork.config();
|
|
|
|
configTestHttps.forceAdminSSL = {redirect: false};
|
|
|
|
configTestHttps.urlSSL = 'https://localhost/';
|
|
|
|
|
|
|
|
testUtils.fork.ghost(configTestHttps, 'testhttps')
|
2014-09-03 19:42:55 +04:00
|
|
|
.then(function (child) {
|
2014-02-22 05:25:31 +04:00
|
|
|
forkedGhost = child;
|
|
|
|
request = require('supertest');
|
|
|
|
request = request(configTestHttps.url.replace(/\/$/, ''));
|
2014-05-06 00:58:58 +04:00
|
|
|
}).then(done)
|
|
|
|
.catch(done);
|
2014-02-22 05:25:31 +04:00
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
|
2014-02-22 05:25:31 +04:00
|
|
|
after(function (done) {
|
|
|
|
if (forkedGhost) {
|
|
|
|
forkedGhost.kill(done);
|
2014-10-31 00:43:47 +03:00
|
|
|
} else {
|
|
|
|
done(new Error('No forked ghost process exists, test setup must have failed.'));
|
2014-02-22 05:25:31 +04:00
|
|
|
}
|
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
|
2014-09-03 19:42:55 +04:00
|
|
|
it('should block admin access over non-HTTPS', function (done) {
|
2014-02-22 05:25:31 +04:00
|
|
|
request.get('/ghost/')
|
|
|
|
.expect(403)
|
2015-04-18 15:20:03 +03:00
|
|
|
.end(doEnd(done));
|
2014-02-22 05:25:31 +04:00
|
|
|
});
|
|
|
|
|
2014-09-03 19:42:55 +04:00
|
|
|
it('should allow admin access over HTTPS', function (done) {
|
2014-07-01 03:26:08 +04:00
|
|
|
request.get('/ghost/setup/')
|
2014-02-22 05:25:31 +04:00
|
|
|
.set('X-Forwarded-Proto', 'https')
|
|
|
|
.expect(200)
|
|
|
|
.end(doEnd(done));
|
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
});
|
2014-02-22 05:25:31 +04:00
|
|
|
|
2014-09-03 19:42:55 +04:00
|
|
|
describe('Require HTTPS - redirect', function () {
|
2014-02-22 05:25:31 +04:00
|
|
|
var forkedGhost, request;
|
|
|
|
before(function (done) {
|
|
|
|
var configTestHttps = testUtils.fork.config();
|
|
|
|
configTestHttps.forceAdminSSL = {redirect: true};
|
|
|
|
configTestHttps.urlSSL = 'https://localhost/';
|
|
|
|
|
|
|
|
testUtils.fork.ghost(configTestHttps, 'testhttps')
|
2014-09-03 19:42:55 +04:00
|
|
|
.then(function (child) {
|
2014-02-22 05:25:31 +04:00
|
|
|
forkedGhost = child;
|
|
|
|
request = require('supertest');
|
|
|
|
request = request(configTestHttps.url.replace(/\/$/, ''));
|
2014-05-06 00:58:58 +04:00
|
|
|
}).then(done)
|
|
|
|
.catch(done);
|
2014-02-22 05:25:31 +04:00
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
|
2014-02-22 05:25:31 +04:00
|
|
|
after(function (done) {
|
|
|
|
if (forkedGhost) {
|
|
|
|
forkedGhost.kill(done);
|
2014-10-31 00:43:47 +03:00
|
|
|
} else {
|
|
|
|
done(new Error('No forked ghost process exists, test setup must have failed.'));
|
2014-02-22 05:25:31 +04:00
|
|
|
}
|
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
|
2014-09-03 19:42:55 +04:00
|
|
|
it('should redirect admin access over non-HTTPS', function (done) {
|
2014-02-22 05:25:31 +04:00
|
|
|
request.get('/ghost/')
|
|
|
|
.expect('Location', /^https:\/\/localhost\/ghost\//)
|
|
|
|
.expect(301)
|
2015-04-18 15:20:03 +03:00
|
|
|
.end(doEnd(done));
|
2014-02-22 05:25:31 +04:00
|
|
|
});
|
|
|
|
|
2014-09-03 19:42:55 +04:00
|
|
|
it('should allow admin access over HTTPS', function (done) {
|
2014-07-01 03:26:08 +04:00
|
|
|
request.get('/ghost/setup/')
|
2014-02-22 05:25:31 +04:00
|
|
|
.set('X-Forwarded-Proto', 'https')
|
|
|
|
.expect(200)
|
2015-04-18 15:20:03 +03:00
|
|
|
.end(doEnd(done));
|
2014-02-22 05:25:31 +04:00
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
});
|
2014-03-24 01:49:43 +04:00
|
|
|
|
2014-07-01 03:26:08 +04:00
|
|
|
describe('Ghost Admin Setup', function () {
|
|
|
|
it('should redirect from /ghost/ to /ghost/setup/ when no user/not installed yet', function (done) {
|
2014-09-03 19:42:55 +04:00
|
|
|
request.get('/ghost/')
|
|
|
|
.expect('Location', /ghost\/setup/)
|
2015-10-12 19:54:15 +03:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
2014-09-03 19:42:55 +04:00
|
|
|
.expect(302)
|
|
|
|
.end(doEnd(done));
|
2014-07-01 03:26:08 +04:00
|
|
|
});
|
2013-12-31 03:13:25 +04:00
|
|
|
|
2014-07-01 03:26:08 +04:00
|
|
|
it('should redirect from /ghost/signin/ to /ghost/setup/ when no user', function (done) {
|
2013-12-31 03:13:25 +04:00
|
|
|
request.get('/ghost/signin/')
|
2014-07-01 03:26:08 +04:00
|
|
|
.expect('Location', /ghost\/setup/)
|
2015-10-12 19:54:15 +03:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
2013-12-31 03:13:25 +04:00
|
|
|
.expect(302)
|
|
|
|
.end(doEnd(done));
|
|
|
|
});
|
|
|
|
|
2014-07-01 03:26:08 +04:00
|
|
|
it('should respond with html for /ghost/setup/', function (done) {
|
|
|
|
request.get('/ghost/setup/')
|
2013-12-31 03:13:25 +04:00
|
|
|
.expect('Content-Type', /html/)
|
2015-10-12 19:54:15 +03:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
2013-12-31 03:13:25 +04:00
|
|
|
.expect(200)
|
|
|
|
.end(doEnd(done));
|
|
|
|
});
|
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
});
|