2020-07-08 07:54:31 +03:00
|
|
|
const should = require('should');
|
|
|
|
const supertest = require('supertest');
|
2022-02-06 19:18:41 +03:00
|
|
|
const testUtils = require('../../../utils');
|
|
|
|
const config = require('../../../../core/shared/config');
|
2020-07-08 07:54:31 +03:00
|
|
|
const localUtils = require('./utils');
|
|
|
|
|
|
|
|
describe('Webhooks API (canary)', function () {
|
|
|
|
let request;
|
2021-03-04 03:06:16 +03:00
|
|
|
const API_VERSION = 'canary';
|
2020-07-08 07:54:31 +03:00
|
|
|
|
2021-03-04 02:23:31 +03:00
|
|
|
before(async function () {
|
2021-11-24 16:29:45 +03:00
|
|
|
await localUtils.startGhost();
|
2021-03-04 02:23:31 +03:00
|
|
|
|
|
|
|
request = supertest.agent(config.get('url'));
|
|
|
|
|
|
|
|
await localUtils.doAuth(request, 'integrations', 'api_keys', 'webhooks');
|
2020-07-08 07:54:31 +03:00
|
|
|
});
|
|
|
|
|
|
|
|
it('Can create a webhook using integration', function () {
|
|
|
|
let webhookData = {
|
|
|
|
event: 'test.create',
|
|
|
|
target_url: 'http://example.com/webhooks/test/extra/canary',
|
|
|
|
integration_id: 'ignore_me',
|
|
|
|
name: 'test',
|
|
|
|
secret: 'thisissecret',
|
2021-03-04 03:06:16 +03:00
|
|
|
api_version: API_VERSION
|
2020-07-08 07:54:31 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
return request.post(localUtils.API.getApiQuery('webhooks/'))
|
2022-03-11 14:27:43 +03:00
|
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/', testUtils.DataGenerator.Content.api_keys[0])}`)
|
2020-07-08 07:54:31 +03:00
|
|
|
.send({webhooks: [webhookData]})
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(201)
|
|
|
|
.then((res) => {
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
const jsonResponse = res.body;
|
|
|
|
|
|
|
|
should.exist(jsonResponse);
|
|
|
|
should.exist(jsonResponse.webhooks);
|
|
|
|
should.exist(jsonResponse.webhooks[0].event);
|
|
|
|
should.exist(jsonResponse.webhooks[0].target_url);
|
|
|
|
|
|
|
|
jsonResponse.webhooks[0].event.should.eql('test.create');
|
|
|
|
jsonResponse.webhooks[0].target_url.should.eql('http://example.com/webhooks/test/extra/canary');
|
2020-08-04 07:43:24 +03:00
|
|
|
jsonResponse.webhooks[0].integration_id.should.eql(testUtils.DataGenerator.Content.api_keys[0].integration_id);
|
2020-07-17 08:37:14 +03:00
|
|
|
jsonResponse.webhooks[0].name.should.eql('test');
|
|
|
|
jsonResponse.webhooks[0].secret.should.eql('thisissecret');
|
2021-03-04 03:06:16 +03:00
|
|
|
jsonResponse.webhooks[0].api_version.should.eql('canary');
|
2020-07-08 07:54:31 +03:00
|
|
|
|
|
|
|
localUtils.API.checkResponse(jsonResponse.webhooks[0], 'webhook');
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2020-07-17 08:37:14 +03:00
|
|
|
it('Fails validation for when integration_id is missing', function () {
|
|
|
|
let webhookData = {
|
|
|
|
event: 'test.create',
|
|
|
|
target_url: 'http://example.com/webhooks/test/extra/1',
|
|
|
|
name: 'test',
|
|
|
|
secret: 'thisissecret',
|
2021-03-04 03:06:16 +03:00
|
|
|
api_version: API_VERSION
|
2020-07-17 08:37:14 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
return request.post(localUtils.API.getApiQuery('webhooks/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send({webhooks: [webhookData]})
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(422);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Fails validation for non-lowercase event name', function () {
|
|
|
|
let webhookData = {
|
|
|
|
event: 'tEst.evenT',
|
|
|
|
target_url: 'http://example.com/webhooks/test/extra/1',
|
|
|
|
name: 'test',
|
|
|
|
secret: 'thisissecret',
|
2021-03-04 03:06:16 +03:00
|
|
|
api_version: API_VERSION
|
2020-07-17 08:37:14 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
return request.post(localUtils.API.getApiQuery('webhooks/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send({webhooks: [webhookData]})
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(422);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Fails validation when required fields are not present', function () {
|
|
|
|
let webhookData = {
|
2021-03-04 03:06:16 +03:00
|
|
|
api_version: API_VERSION,
|
2020-07-17 08:37:14 +03:00
|
|
|
integration_id: 'dummy'
|
|
|
|
};
|
|
|
|
|
|
|
|
return request.post(localUtils.API.getApiQuery('webhooks/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send({webhooks: [webhookData]})
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(422);
|
|
|
|
});
|
|
|
|
|
2020-07-08 07:54:31 +03:00
|
|
|
it('Integration cannot edit or delete other integration\'s webhook', function () {
|
|
|
|
let createdIntegration;
|
|
|
|
let createdWebhook;
|
|
|
|
|
|
|
|
return Promise.resolve()
|
|
|
|
.then(() => {
|
|
|
|
return request.post(localUtils.API.getApiQuery('integrations/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send({
|
|
|
|
integrations: [{
|
|
|
|
name: 'Rubbish Integration Name'
|
|
|
|
}]
|
|
|
|
})
|
|
|
|
.expect(201)
|
|
|
|
.then(({body}) => {
|
|
|
|
[createdIntegration] = body.integrations;
|
|
|
|
|
|
|
|
return request.post(localUtils.API.getApiQuery('webhooks/'))
|
|
|
|
.set('Origin', config.get('url'))
|
|
|
|
.send({
|
|
|
|
webhooks: [{
|
|
|
|
name: 'Testing',
|
|
|
|
event: 'site.changed',
|
|
|
|
target_url: 'https://example.com/rebuild',
|
|
|
|
integration_id: createdIntegration.id
|
|
|
|
}]
|
|
|
|
})
|
|
|
|
.expect(201);
|
|
|
|
});
|
|
|
|
})
|
|
|
|
.then(({body}) => {
|
|
|
|
[createdWebhook] = body.webhooks;
|
|
|
|
|
|
|
|
return request.put(localUtils.API.getApiQuery(`webhooks/${createdWebhook.id}/`))
|
2022-03-11 14:27:43 +03:00
|
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/', testUtils.DataGenerator.Content.api_keys[0])}`)
|
2020-07-08 07:54:31 +03:00
|
|
|
.send({
|
|
|
|
webhooks: [{
|
|
|
|
name: 'Edit Test',
|
|
|
|
event: 'subscriber.added',
|
|
|
|
target_url: 'https://example.com/new-subscriber'
|
|
|
|
}]
|
|
|
|
})
|
|
|
|
.expect(403);
|
|
|
|
})
|
|
|
|
.then(() => {
|
|
|
|
return request.del(localUtils.API.getApiQuery(`webhooks/${createdWebhook.id}/`))
|
2022-03-11 14:27:43 +03:00
|
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/', testUtils.DataGenerator.Content.api_keys[0])}`)
|
2020-07-08 07:54:31 +03:00
|
|
|
.expect(403);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2020-08-03 14:08:47 +03:00
|
|
|
it('Integration editing non-existing webhook returns 404', function () {
|
|
|
|
return request.put(localUtils.API.getApiQuery(`webhooks/5f27d0287c75da744d8615da/`))
|
2022-03-11 14:27:43 +03:00
|
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/', testUtils.DataGenerator.Content.api_keys[0])}`)
|
2020-08-03 14:08:47 +03:00
|
|
|
.send({
|
|
|
|
webhooks: [{
|
|
|
|
name: 'Edit Test'
|
|
|
|
}]
|
|
|
|
})
|
|
|
|
.expect(404);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('Integration deleting non-existing webhook returns 404', function () {
|
|
|
|
return request.delete(localUtils.API.getApiQuery(`webhooks/5f27d0287c75da744d8615db/`))
|
2022-03-11 14:27:43 +03:00
|
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/', testUtils.DataGenerator.Content.api_keys[0])}`)
|
2020-08-03 14:08:47 +03:00
|
|
|
.expect(404);
|
|
|
|
});
|
|
|
|
|
2020-07-08 07:54:31 +03:00
|
|
|
it('Cannot edit webhooks using content api keys', function () {
|
|
|
|
let webhookData = {
|
|
|
|
event: 'post.create',
|
|
|
|
target_url: 'http://example.com/webhooks/test/extra/2'
|
|
|
|
};
|
|
|
|
|
|
|
|
return request.post(localUtils.API.getApiQuery('webhooks/'))
|
2022-03-11 14:27:43 +03:00
|
|
|
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/', testUtils.DataGenerator.Content.api_keys[1])}`)
|
2020-07-08 07:54:31 +03:00
|
|
|
.send({webhooks: [webhookData]})
|
|
|
|
.expect('Content-Type', /json/)
|
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(401);
|
|
|
|
});
|
|
|
|
});
|