Ghost/ghost/core/test/e2e-api/admin/db.test.js

const should = require('should');
const supertest = require('supertest');
const sinon = require('sinon');
const config = require('../../../core/shared/config');
const events = require('../../../core/server/lib/common/events');
const testUtils = require('../../utils');
const {exportedBodyLatest} = require('../../utils/fixtures/export/body-generator');
const localUtils = require('./utils');

describe('DB API', function () {
    let request;
    let eventsTriggered;

    before(async function () {
        await localUtils.startGhost();
        request = supertest.agent(config.get('url'));
        await localUtils.doAuth(request);
    });

    beforeEach(function () {
        eventsTriggered = {};

        sinon.stub(events, 'emit').callsFake((eventName, eventObj) => {
            if (!eventsTriggered[eventName]) {
                eventsTriggered[eventName] = [];
            }

            eventsTriggered[eventName].push(eventObj);
        });
    });

    afterEach(function () {
        sinon.restore();
    });

    it('Can export a JSON database', async function () {
        const res = await request.get(localUtils.API.getApiQuery(`db/`))
            .set('Origin', config.get('url'))
            .expect('Content-Type', /json/)
            .expect('Cache-Control', testUtils.cacheRules.private)
            .expect(200)
            .expect('Content-Disposition', /Attachment; filename="[A-Za-z0-9._-]+\.json"/);

        should.not.exist(res.headers['x-cache-invalidate']);
        should.exist(res.headers['content-disposition']);

        const jsonResponse = res.body;
        should.exist(jsonResponse.db);
        jsonResponse.db.should.have.length(1);

        const dataKeys = Object.keys(exportedBodyLatest().db[0].data).sort();

        // NOTE: using `Object.keys` here instead of `should.have.only.keys` assertion
        //       because when `have.only.keys` fails there's no useful diff
        Object.keys(jsonResponse.db[0].data).sort().should.be.eql(dataKeys);
    });

    it('Can delete all content', async function () {
        const res = await request
            .get(localUtils.API.getApiQuery('posts/'))
            .set('Origin', config.get('url'))
            .expect('Content-Type', /json/)
            .expect('Cache-Control', testUtils.cacheRules.private)
            .expect(200);

        let jsonResponse = res.body;
        jsonResponse.posts.should.have.length(7);

        const deleteRequest = await request.delete(localUtils.API.getApiQuery('db/'))
            .set('Origin', config.get('url'))
            .set('Accept', 'application/json')
            .expect(204);
        should.exist(deleteRequest.headers['x-cache-invalidate']);

        const res2 = await request.get(localUtils.API.getApiQuery('posts/'))
            .set('Origin', config.get('url'))
            .expect('Content-Type', /json/)
            .expect('Cache-Control', testUtils.cacheRules.private)
            .expect(200);

        res2.body.posts.should.have.length(0);
        eventsTriggered['post.unpublished'].length.should.eql(7);
        eventsTriggered['post.deleted'].length.should.eql(7);
        eventsTriggered['tag.deleted'].length.should.eql(1);
    });

    it('Can trigger external media inliner', async function () {
        const response = await request
            .post(localUtils.API.getApiQuery('db/media/inline'))
            .send({
                domains: ['https://example.com']
            })
            .set('Origin', config.get('url'))
            .set('Accept', 'application/json')
            .expect(200);

        // @NOTE: the response format is temporary for test purposes
        //        before feature graduates to GA, it should become
        //        a more consistent format
        response.body.should.eql({
            db: [{
                status: 'success'
            }]
        });
    });

    it('Handles invalid zip file uploads (central directory)', async function () {
        const res = await request.post(localUtils.API.getApiQuery('db/'))
            .set('Origin', config.get('url'))
            .attach('importfile', 'test/utils/fixtures/import/zips/empty.zip')
            .expect('Content-Type', /json/)
            .expect(415);

        res.body.errors[0].message.should.eql('The uploaded zip could not be read');
    });

    it('Handles invalid zip file uploads (malformed comments)', async function () {
        const res = await request.post(localUtils.API.getApiQuery('db/'))
            .set('Origin', config.get('url'))
            .attach('importfile', 'test/utils/fixtures/import/zips/malformed-comments.zip')
            .expect('Content-Type', /json/)
            .expect(415);

        res.body.errors[0].message.should.eql('The uploaded zip could not be read');
    });
});
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`const should = require('should');`
			`const supertest = require('supertest');`
			`const sinon = require('sinon');`
Moved config from server to shared (#11850) * moved `server/config` to `shared/config` * updated config import paths in server to use shared * updated config import paths in frontend to use shared * updated config import paths in test to use shared * updated config import paths in root to use shared * trigger regression tests * of course the rebase broke tests 2020-05-27 20:47:53 +03:00			`const config = require('../../../core/shared/config');`
Expanded requires of lib/common i18n and events - Having these as destructured from the same package is hindering refactoring now - Events should really only ever be used server-side - i18n should be a shared module for now so it can be used everywhere until we figure out something better - Having them seperate also allows us to lint them properly 2021-04-27 16:18:04 +03:00			`const events = require('../../../core/server/lib/common/events');`
Switched to canary endpoints in acceptance tests (#11143) no issue - Switched acceptance tests to run against canary branch - Corrected actions specs - Corrected authentication spec - Moved test suites our of 'old' folder 2019-09-20 18:02:45 +03:00			`const testUtils = require('../../utils');`
Added latest export body generator refs https://github.com/TryGhost/Team/issues/555 - Export/Import test suite clean up ctd. See previous commits for context - Main goal here was to update latest JSON export data. Also hardened tests to make sure this fixture is updated whenever the endpoint changes structure 2021-03-12 09:42:33 +03:00			`const {exportedBodyLatest} = require('../../utils/fixtures/export/body-generator');`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`const localUtils = require('./utils');`

Updated tests eslint config to use eslint-plugin-ghost@0.5.0 no issue - bump eslint-plugin-ghost to v0.5.0 - update core/test eslint config to use "ghost:test" in place of custom ruleset - apply automated eslint fixes 2019-08-19 14:41:09 +03:00			`describe('DB API', function () {`
Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`let request;`
			`let eventsTriggered;`

Moved importer tests to regressions suite refs https://github.com/TryGhost/Ghost/commit/3240d4adf08fc531abaadce7f7b4f2be0b6735f5 - Acceptance tests have low timeout limit and were not making it through with updated export files 2021-03-24 07:12:10 +03:00			`before(async function () {`
Renamed testUtils.startGhost to localUtils.startGhost refs https://github.com/TryGhost/Toolbox/issues/135 - Going though local utils allows to have the "withFrontend: false" flag applied only to the e2e-api test suites. This way we can gradually introduce the no-frontend change across all test suites 2021-11-18 11:55:35 +03:00			`await localUtils.startGhost();`
Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`request = supertest.agent(config.get('url'));`
			`await localUtils.doAuth(request);`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`});`

Updated tests eslint config to use eslint-plugin-ghost@0.5.0 no issue - bump eslint-plugin-ghost to v0.5.0 - update core/test eslint config to use "ghost:test" in place of custom ruleset - apply automated eslint fixes 2019-08-19 14:41:09 +03:00			`beforeEach(function () {`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`eventsTriggered = {};`

Removed final non-destructured imports of core/server/lib/common (#11858) * removed final non-destructured imports of core/server/lib/common * fixed lint 2020-05-28 19:54:18 +03:00			`sinon.stub(events, 'emit').callsFake((eventName, eventObj) => {`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`if (!eventsTriggered[eventName]) {`
			`eventsTriggered[eventName] = [];`
			`}`

			`eventsTriggered[eventName].push(eventObj);`
			`});`
			`});`

Updated tests eslint config to use eslint-plugin-ghost@0.5.0 no issue - bump eslint-plugin-ghost to v0.5.0 - update core/test eslint config to use "ghost:test" in place of custom ruleset - apply automated eslint fixes 2019-08-19 14:41:09 +03:00			`afterEach(function () {`
Bumped sinon from 4.4.6 to 7.3.2 (#10400) refs #9389 - https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md Breaking changes for Ghost: - no need to create a sandbox anymore, each file get's it's own sandbox - just require sinon and use this sandbox - you can still create separate sandboxes with .createSandbox - reset single stubs: use .resetHistory instead of .reset This is a global replace for any sandbox creation. --- From https://sinonjs.org/releases/v7.2.3/sandbox/ > Default sandbox > Since sinon@5.0.0, the sinon object is a default sandbox. Unless you have a very advanced setup or need a special configuration, you probably want to just use that one. 2019-01-21 19:53:44 +03:00			`sinon.restore();`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`});`

Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`it('Can export a JSON database', async function () {`
			const res = await request.get(localUtils.API.getApiQuery(`db/`))
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`.set('Origin', config.get('url'))`
			`.expect('Content-Type', /json/)`
			`.expect('Cache-Control', testUtils.cacheRules.private)`
			`.expect(200)`
Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`.expect('Content-Disposition', /Attachment; filename="[A-Za-z0-9._-]+\.json"/);`

			`should.not.exist(res.headers['x-cache-invalidate']);`
			`should.exist(res.headers['content-disposition']);`

			`const jsonResponse = res.body;`
			`should.exist(jsonResponse.db);`
			`jsonResponse.db.should.have.length(1);`
Added latest export body generator refs https://github.com/TryGhost/Team/issues/555 - Export/Import test suite clean up ctd. See previous commits for context - Main goal here was to update latest JSON export data. Also hardened tests to make sure this fixture is updated whenever the endpoint changes structure 2021-03-12 09:42:33 +03:00
Fixed node version specific object key sorting (#12817) refs https://github.com/TryGhost/Ghost/commit/74cdbadedb7af2393fe4f3ff60d82ce6a92d9b78 - Fixes failing test by enforcing ordering through `sort()` call. Doing this to avoid differences between node versions' `Object.keys()` ordering 2021-03-25 05:16:24 +03:00			`const dataKeys = Object.keys(exportedBodyLatest().db[0].data).sort();`
Added latest export body generator refs https://github.com/TryGhost/Team/issues/555 - Export/Import test suite clean up ctd. See previous commits for context - Main goal here was to update latest JSON export data. Also hardened tests to make sure this fixture is updated whenever the endpoint changes structure 2021-03-12 09:42:33 +03:00
Fixed exporter tests using should.have.keys assertion refs https://github.com/TryGhost/Team/issues/555 refs https://github.com/TryGhost/Ghost/commit/080a8fc082951db294eebdc3bfbe0bfb557d5de8 - The `have.keys` assertion was not doing strict comparison neither provided any useful output when changed to `have.only.keys`. - Rewrote the tests to use manual assertion through array comparison which checks exactly what it's supposed to and gives a visual diff in case there are any missing/extra properties in config 2021-03-25 03:22:34 +03:00			// NOTE: using `Object.keys` here instead of `should.have.only.keys` assertion
			// because when `have.only.keys` fails there's no useful diff
Fixed node version specific object key sorting (#12817) refs https://github.com/TryGhost/Ghost/commit/74cdbadedb7af2393fe4f3ff60d82ce6a92d9b78 - Fixes failing test by enforcing ordering through `sort()` call. Doing this to avoid differences between node versions' `Object.keys()` ordering 2021-03-25 05:16:24 +03:00			`Object.keys(jsonResponse.db[0].data).sort().should.be.eql(dataKeys);`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`});`

Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`it('Can delete all content', async function () {`
			`const res = await request`
Reduced & moved acceptance tests for admin API refs #9178 - consistent naming pattern - less acceptance tests 2019-02-04 17:16:24 +03:00			`.get(localUtils.API.getApiQuery('posts/'))`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`.set('Origin', config.get('url'))`
			`.expect('Content-Type', /json/)`
			`.expect('Cache-Control', testUtils.cacheRules.private)`
Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`.expect(200);`

			`let jsonResponse = res.body;`
			`jsonResponse.posts.should.have.length(7);`

Update cache invalidation on several routes issue https://github.com/TryGhost/Team/issues/859 - Added invalidation to PUT /authentication/setup - Added invalidation to POST /db - Added invalidation to DELETE /db - Added invalidation to GET /slugs/:type/:name - Removed invalidation from PUT /users/:id/token 2021-07-07 19:12:51 +03:00			`const deleteRequest = await request.delete(localUtils.API.getApiQuery('db/'))`
Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00			`.set('Origin', config.get('url'))`
			`.set('Accept', 'application/json')`
			`.expect(204);`
Update cache invalidation on several routes issue https://github.com/TryGhost/Team/issues/859 - Added invalidation to PUT /authentication/setup - Added invalidation to POST /db - Added invalidation to DELETE /db - Added invalidation to GET /slugs/:type/:name - Removed invalidation from PUT /users/:id/token 2021-07-07 19:12:51 +03:00			`should.exist(deleteRequest.headers['x-cache-invalidate']);`
Refactored acceptance tests to use async-await - refactoring the acceptance tests to use async-await removes all the Promise chaining we had, and streamlines the coding styles we have across the code so test files are more alike 2020-11-30 17:25:22 +03:00
			`const res2 = await request.get(localUtils.API.getApiQuery('posts/'))`
			`.set('Origin', config.get('url'))`
			`.expect('Content-Type', /json/)`
			`.expect('Cache-Control', testUtils.cacheRules.private)`
			`.expect(200);`

			`res2.body.posts.should.have.length(0);`
			`eventsTriggered['post.unpublished'].length.should.eql(7);`
			`eventsTriggered['post.deleted'].length.should.eql(7);`
			`eventsTriggered['tag.deleted'].length.should.eql(1);`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`});`
Added e2e test covering media inliner job start refs https://github.com/TryGhost/Toolbox/issues/523 - The test is useful for future iterations of the response format and as a quick reference on which parameters the media inlining endpoint accepts. 2023-03-06 12:39:22 +03:00
			`it('Can trigger external media inliner', async function () {`
			`const response = await request`
			`.post(localUtils.API.getApiQuery('db/media/inline'))`
			`.send({`
			`domains: ['https://example.com']`
			`})`
			`.set('Origin', config.get('url'))`
			`.set('Accept', 'application/json')`
			`.expect(200);`

			`// @NOTE: the response format is temporary for test purposes`
			`// before feature graduates to GA, it should become`
			`// a more consistent format`
			`response.body.should.eql({`
			`db: [{`
			`status: 'success'`
			`}]`
			`});`
			`});`
Fixed handling empty zip file uploads fix https://linear.app/tryghost/issue/SLO-102/end-of-central-directory-record-signature-not-found-an-unexpected - previously, uploading an empty zip would result in a HTTP 500 error because yauzl would error and we'd bubble that up as an InternalServerError - now, we catch the specific error message and return a more user friendly error - also includes tests and sample zip file 2024-05-08 12:05:21 +03:00
Handled invalid files when uploading DB zips (#20165) fix https://linear.app/tryghost/issue/SLO-103/invalid-comment-length-expected-7-found-0-an-unexpected-error-occurred - similar to https://github.com/TryGhost/Ghost/commit/e8e3447f15549df884b33a0e0d4ffe7bf308a680, this captures a specific error from yauzl and throws a user-friendly error - perhaps in the future we can just look for yauzl errors and always return user-friendly errors, but let's monitor that first - also includes a breaking test 2024-05-08 15:59:34 +03:00			`it('Handles invalid zip file uploads (central directory)', async function () {`
Fixed handling empty zip file uploads fix https://linear.app/tryghost/issue/SLO-102/end-of-central-directory-record-signature-not-found-an-unexpected - previously, uploading an empty zip would result in a HTTP 500 error because yauzl would error and we'd bubble that up as an InternalServerError - now, we catch the specific error message and return a more user friendly error - also includes tests and sample zip file 2024-05-08 12:05:21 +03:00			`const res = await request.post(localUtils.API.getApiQuery('db/'))`
			`.set('Origin', config.get('url'))`
			`.attach('importfile', 'test/utils/fixtures/import/zips/empty.zip')`
			`.expect('Content-Type', /json/)`
			`.expect(415);`

			`res.body.errors[0].message.should.eql('The uploaded zip could not be read');`
			`});`
Handled invalid files when uploading DB zips (#20165) fix https://linear.app/tryghost/issue/SLO-103/invalid-comment-length-expected-7-found-0-an-unexpected-error-occurred - similar to https://github.com/TryGhost/Ghost/commit/e8e3447f15549df884b33a0e0d4ffe7bf308a680, this captures a specific error from yauzl and throws a user-friendly error - perhaps in the future we can just look for yauzl errors and always return user-friendly errors, but let's monitor that first - also includes a breaking test 2024-05-08 15:59:34 +03:00
			`it('Handles invalid zip file uploads (malformed comments)', async function () {`
			`const res = await request.post(localUtils.API.getApiQuery('db/'))`
			`.set('Origin', config.get('url'))`
			`.attach('importfile', 'test/utils/fixtures/import/zips/malformed-comments.zip')`
			`.expect('Content-Type', /json/)`
			`.expect(415);`

			`res.body.errors[0].message.should.eql('The uploaded zip could not be read');`
			`});`
Migrated db controller to API v2 (#10051) refs #9866 - Migrated db import/export routes to use new db controller 2018-12-17 16:45:09 +03:00			`});`