2013-12-31 03:13:25 +04:00
|
|
|
// # Frontend Route tests
|
|
|
|
// As it stands, these tests depend on the database, and as such are integration tests.
|
|
|
|
// Mocking out the models to not touch the DB would turn these into unit tests, and should probably be done in future,
|
|
|
|
// But then again testing real code, rather than mock code, might be more useful...
|
|
|
|
|
2020-04-29 18:44:27 +03:00
|
|
|
const should = require('should');
|
2021-10-22 16:25:58 +03:00
|
|
|
const path = require('path');
|
|
|
|
const fs = require('fs');
|
2020-04-29 18:44:27 +03:00
|
|
|
|
|
|
|
const supertest = require('supertest');
|
2021-10-06 14:38:40 +03:00
|
|
|
const testUtils = require('../utils');
|
|
|
|
const configUtils = require('../utils/configUtils');
|
|
|
|
const urlUtils = require('../utils/urlUtils');
|
|
|
|
const adminUtils = require('../utils/admin-utils');
|
|
|
|
const config = require('../../core/shared/config');
|
2020-04-29 18:44:27 +03:00
|
|
|
let request;
|
2016-09-13 21:23:22 +03:00
|
|
|
|
2021-10-06 17:51:03 +03:00
|
|
|
function assertCorrectHeaders(res) {
|
|
|
|
should.not.exist(res.headers['x-cache-invalidate']);
|
|
|
|
should.exist(res.headers.date);
|
|
|
|
}
|
2014-03-24 01:49:43 +04:00
|
|
|
|
2021-10-06 17:51:03 +03:00
|
|
|
describe('Admin Routing', function () {
|
|
|
|
before(async function () {
|
2022-05-17 11:05:44 +03:00
|
|
|
adminUtils.stubAdminFiles();
|
2021-07-05 22:02:22 +03:00
|
|
|
|
2021-10-06 17:51:03 +03:00
|
|
|
await testUtils.startGhost();
|
|
|
|
request = supertest.agent(config.get('url'));
|
2017-11-29 14:48:05 +03:00
|
|
|
});
|
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937)
* 🔥 kill apiUrl helper, use urlFor helper instead
More consistency of creating urls.
Creates an easier ability to add config changes.
Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs.
The url util need's refactoring anyway.
* 🔥 urlSSL
Remove all urlSSL usages.
Add TODO's for the next commit to re-add logic for deleted logic.
e.g.
- cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available
- theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag)
The changes in this commit doesn't have to be right, but it helped going step by step.
The next commit is the more interesting one.
* 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic
I wanted to remove the forceAdminSSL as separate commit, but was hard to realise.
That's why both changes are in one commit:
1. remove forceAdminSSL
2. add admin.url option
- fix TODO's from last commits
- rewrite the ssl middleware!
- create some private helper functions in the url helper to realise the changes
- rename some wordings and functions e.g. base === blog (we have so much different wordings)
- i would like to do more, but this would end in a non readable PR
- this commit contains the most important changes to offer admin.url option
* 🤖 adapt tests
IMPORTANT
- all changes in the routing tests were needed, because each routing test did not start the ghost server
- they just required the ghost application, which resulted in a random server port
- having a random server port results in a redirect, caused by the ssl/redirect middleware
* 😎 rename check-ssl middleware
* 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
|
|
|
|
2017-11-29 14:48:05 +03:00
|
|
|
describe('Assets', function () {
|
2021-10-06 17:51:03 +03:00
|
|
|
it('should return 404 for unknown assets', async function () {
|
2021-10-22 16:25:58 +03:00
|
|
|
await request.get('/ghost/assets/not-found.js')
|
2017-11-29 14:48:05 +03:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.private)
|
|
|
|
.expect(404)
|
2021-10-06 17:51:03 +03:00
|
|
|
.expect(assertCorrectHeaders);
|
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937)
* 🔥 kill apiUrl helper, use urlFor helper instead
More consistency of creating urls.
Creates an easier ability to add config changes.
Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs.
The url util need's refactoring anyway.
* 🔥 urlSSL
Remove all urlSSL usages.
Add TODO's for the next commit to re-add logic for deleted logic.
e.g.
- cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available
- theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag)
The changes in this commit doesn't have to be right, but it helped going step by step.
The next commit is the more interesting one.
* 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic
I wanted to remove the forceAdminSSL as separate commit, but was hard to realise.
That's why both changes are in one commit:
1. remove forceAdminSSL
2. add admin.url option
- fix TODO's from last commits
- rewrite the ssl middleware!
- create some private helper functions in the url helper to realise the changes
- rename some wordings and functions e.g. base === blog (we have so much different wordings)
- i would like to do more, but this would end in a non readable PR
- this commit contains the most important changes to offer admin.url option
* 🤖 adapt tests
IMPORTANT
- all changes in the routing tests were needed, because each routing test did not start the ghost server
- they just required the ghost application, which resulted in a random server port
- having a random server port results in a redirect, caused by the ssl/redirect middleware
* 😎 rename check-ssl middleware
* 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
|
|
|
});
|
|
|
|
|
2021-10-06 17:51:03 +03:00
|
|
|
it('should retrieve built assets', async function () {
|
2021-10-22 16:25:58 +03:00
|
|
|
await request.get('/ghost/assets/vendor.js')
|
2022-09-23 08:46:49 +03:00
|
|
|
.expect('Cache-Control', testUtils.cacheRules.yearImmutable)
|
2017-11-29 14:48:05 +03:00
|
|
|
.expect(200)
|
2021-10-06 17:51:03 +03:00
|
|
|
.expect(assertCorrectHeaders);
|
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937)
* 🔥 kill apiUrl helper, use urlFor helper instead
More consistency of creating urls.
Creates an easier ability to add config changes.
Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs.
The url util need's refactoring anyway.
* 🔥 urlSSL
Remove all urlSSL usages.
Add TODO's for the next commit to re-add logic for deleted logic.
e.g.
- cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available
- theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag)
The changes in this commit doesn't have to be right, but it helped going step by step.
The next commit is the more interesting one.
* 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic
I wanted to remove the forceAdminSSL as separate commit, but was hard to realise.
That's why both changes are in one commit:
1. remove forceAdminSSL
2. add admin.url option
- fix TODO's from last commits
- rewrite the ssl middleware!
- create some private helper functions in the url helper to realise the changes
- rename some wordings and functions e.g. base === blog (we have so much different wordings)
- i would like to do more, but this would end in a non readable PR
- this commit contains the most important changes to offer admin.url option
* 🤖 adapt tests
IMPORTANT
- all changes in the routing tests were needed, because each routing test did not start the ghost server
- they just required the ghost application, which resulted in a random server port
- having a random server port results in a redirect, caused by the ssl/redirect middleware
* 😎 rename check-ssl middleware
* 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
|
|
|
});
|
2017-11-29 14:48:05 +03:00
|
|
|
});
|
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937)
* 🔥 kill apiUrl helper, use urlFor helper instead
More consistency of creating urls.
Creates an easier ability to add config changes.
Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs.
The url util need's refactoring anyway.
* 🔥 urlSSL
Remove all urlSSL usages.
Add TODO's for the next commit to re-add logic for deleted logic.
e.g.
- cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available
- theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag)
The changes in this commit doesn't have to be right, but it helped going step by step.
The next commit is the more interesting one.
* 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic
I wanted to remove the forceAdminSSL as separate commit, but was hard to realise.
That's why both changes are in one commit:
1. remove forceAdminSSL
2. add admin.url option
- fix TODO's from last commits
- rewrite the ssl middleware!
- create some private helper functions in the url helper to realise the changes
- rename some wordings and functions e.g. base === blog (we have so much different wordings)
- i would like to do more, but this would end in a non readable PR
- this commit contains the most important changes to offer admin.url option
* 🤖 adapt tests
IMPORTANT
- all changes in the routing tests were needed, because each routing test did not start the ghost server
- they just required the ghost application, which resulted in a random server port
- having a random server port results in a redirect, caused by the ssl/redirect middleware
* 😎 rename check-ssl middleware
* 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
|
|
|
|
2019-09-11 16:55:00 +03:00
|
|
|
describe('Admin Redirects', function () {
|
2021-10-06 17:51:03 +03:00
|
|
|
it('should redirect /GHOST/ to /ghost/', async function () {
|
2021-10-22 16:25:58 +03:00
|
|
|
await request.get('/GHOST/')
|
2017-11-29 14:48:05 +03:00
|
|
|
.expect('Location', '/ghost/')
|
|
|
|
.expect(301)
|
2021-10-06 17:51:03 +03:00
|
|
|
.expect(assertCorrectHeaders);
|
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937)
* 🔥 kill apiUrl helper, use urlFor helper instead
More consistency of creating urls.
Creates an easier ability to add config changes.
Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs.
The url util need's refactoring anyway.
* 🔥 urlSSL
Remove all urlSSL usages.
Add TODO's for the next commit to re-add logic for deleted logic.
e.g.
- cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available
- theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag)
The changes in this commit doesn't have to be right, but it helped going step by step.
The next commit is the more interesting one.
* 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic
I wanted to remove the forceAdminSSL as separate commit, but was hard to realise.
That's why both changes are in one commit:
1. remove forceAdminSSL
2. add admin.url option
- fix TODO's from last commits
- rewrite the ssl middleware!
- create some private helper functions in the url helper to realise the changes
- rename some wordings and functions e.g. base === blog (we have so much different wordings)
- i would like to do more, but this would end in a non readable PR
- this commit contains the most important changes to offer admin.url option
* 🤖 adapt tests
IMPORTANT
- all changes in the routing tests were needed, because each routing test did not start the ghost server
- they just required the ghost application, which resulted in a random server port
- having a random server port results in a redirect, caused by the ssl/redirect middleware
* 😎 rename check-ssl middleware
* 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
});
|
2014-03-24 01:49:43 +04:00
|
|
|
|
2017-11-29 14:48:05 +03:00
|
|
|
// we'll use X-Forwarded-Proto: https to simulate an 'https://' request behind a proxy
|
|
|
|
describe('Require HTTPS - redirect', function () {
|
2021-10-06 17:51:03 +03:00
|
|
|
before(async function () {
|
2017-11-29 14:48:05 +03:00
|
|
|
configUtils.set('url', 'https://localhost:2390');
|
2019-06-18 16:13:55 +03:00
|
|
|
urlUtils.stubUrlUtilsFromConfig();
|
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937)
* 🔥 kill apiUrl helper, use urlFor helper instead
More consistency of creating urls.
Creates an easier ability to add config changes.
Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs.
The url util need's refactoring anyway.
* 🔥 urlSSL
Remove all urlSSL usages.
Add TODO's for the next commit to re-add logic for deleted logic.
e.g.
- cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available
- theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag)
The changes in this commit doesn't have to be right, but it helped going step by step.
The next commit is the more interesting one.
* 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic
I wanted to remove the forceAdminSSL as separate commit, but was hard to realise.
That's why both changes are in one commit:
1. remove forceAdminSSL
2. add admin.url option
- fix TODO's from last commits
- rewrite the ssl middleware!
- create some private helper functions in the url helper to realise the changes
- rename some wordings and functions e.g. base === blog (we have so much different wordings)
- i would like to do more, but this would end in a non readable PR
- this commit contains the most important changes to offer admin.url option
* 🤖 adapt tests
IMPORTANT
- all changes in the routing tests were needed, because each routing test did not start the ghost server
- they just required the ghost application, which resulted in a random server port
- having a random server port results in a redirect, caused by the ssl/redirect middleware
* 😎 rename check-ssl middleware
* 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
|
|
|
|
2021-10-06 17:51:03 +03:00
|
|
|
await testUtils.startGhost({forceStart: true});
|
|
|
|
request = supertest.agent(config.get('server:host') + ':' + config.get('server:port'));
|
2017-11-29 14:48:05 +03:00
|
|
|
});
|
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937)
* 🔥 kill apiUrl helper, use urlFor helper instead
More consistency of creating urls.
Creates an easier ability to add config changes.
Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs.
The url util need's refactoring anyway.
* 🔥 urlSSL
Remove all urlSSL usages.
Add TODO's for the next commit to re-add logic for deleted logic.
e.g.
- cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available
- theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag)
The changes in this commit doesn't have to be right, but it helped going step by step.
The next commit is the more interesting one.
* 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic
I wanted to remove the forceAdminSSL as separate commit, but was hard to realise.
That's why both changes are in one commit:
1. remove forceAdminSSL
2. add admin.url option
- fix TODO's from last commits
- rewrite the ssl middleware!
- create some private helper functions in the url helper to realise the changes
- rename some wordings and functions e.g. base === blog (we have so much different wordings)
- i would like to do more, but this would end in a non readable PR
- this commit contains the most important changes to offer admin.url option
* 🤖 adapt tests
IMPORTANT
- all changes in the routing tests were needed, because each routing test did not start the ghost server
- they just required the ghost application, which resulted in a random server port
- having a random server port results in a redirect, caused by the ssl/redirect middleware
* 😎 rename check-ssl middleware
* 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
|
|
|
|
2017-11-29 14:48:05 +03:00
|
|
|
after(function () {
|
2019-06-18 16:13:55 +03:00
|
|
|
urlUtils.restore();
|
2017-11-29 14:48:05 +03:00
|
|
|
configUtils.restore();
|
|
|
|
});
|
|
|
|
|
2021-10-06 17:51:03 +03:00
|
|
|
it('should redirect admin access over non-HTTPS', async function () {
|
2021-10-22 16:25:58 +03:00
|
|
|
await request.get('/ghost/')
|
2017-11-29 14:48:05 +03:00
|
|
|
.expect('Location', /^https:\/\/localhost:2390\/ghost\//)
|
|
|
|
.expect(301)
|
2021-10-06 17:51:03 +03:00
|
|
|
.expect(assertCorrectHeaders);
|
2017-11-29 14:48:05 +03:00
|
|
|
});
|
|
|
|
|
2021-10-06 17:51:03 +03:00
|
|
|
it('should allow admin access over HTTPS', async function () {
|
2021-10-22 16:25:58 +03:00
|
|
|
await request.get('/ghost/')
|
2017-11-29 14:48:05 +03:00
|
|
|
.set('X-Forwarded-Proto', 'https')
|
|
|
|
.expect(200)
|
2021-10-06 17:51:03 +03:00
|
|
|
.expect(assertCorrectHeaders);
|
2013-12-31 03:13:25 +04:00
|
|
|
});
|
|
|
|
});
|
2021-10-22 16:25:58 +03:00
|
|
|
|
|
|
|
describe('built template', function () {
|
|
|
|
beforeEach(function () {
|
|
|
|
const configPaths = configUtils.config.get('paths');
|
2022-08-02 15:43:45 +03:00
|
|
|
configPaths.adminAssets = path.resolve('test/utils/fixtures/admin-build');
|
2021-10-22 16:25:58 +03:00
|
|
|
configUtils.set('paths', configPaths);
|
|
|
|
});
|
|
|
|
|
|
|
|
afterEach(function () {
|
|
|
|
configUtils.restore();
|
|
|
|
});
|
|
|
|
|
🐛 Fixed missing published Admin assets when running in development
refs https://forum.ghost.org/t/admin-template-issues-default-install/31750
- we recently switched to using different folders within `core/built`, to
indicate the assets that are applicable for development/production
environments
- unfortunately, this came with the side effect of the "development" assets
missing in the published tarball, which meant Admin wouldn't load when
running in development mode
- this was a regression from how it previously worked because we used to
just copy the production HTML file to the development HTML name, and
use the same assets
- after thinking about it, I think we can get rid of the split folders
for assets, because I don't think the use-case is there for having
them:
- if you run Ghost from source, you're 99% only using the
development-built assets
- if you want production ones, you can run with a flag, but the
development ones get wiped anyway
- those running Ghost from a published package are using the same
assets and HTML file
- therefore, I think we can make our lives simpler by removing the env
folders and using a folder under `core/built/admin/...`
- this commit implements that across Ghost and Admin
2022-08-04 10:56:02 +03:00
|
|
|
it('serves assets in production', async function () {
|
2021-10-22 16:25:58 +03:00
|
|
|
configUtils.set('env', 'production');
|
|
|
|
|
🐛 Fixed missing published Admin assets when running in development
refs https://forum.ghost.org/t/admin-template-issues-default-install/31750
- we recently switched to using different folders within `core/built`, to
indicate the assets that are applicable for development/production
environments
- unfortunately, this came with the side effect of the "development" assets
missing in the published tarball, which meant Admin wouldn't load when
running in development mode
- this was a regression from how it previously worked because we used to
just copy the production HTML file to the development HTML name, and
use the same assets
- after thinking about it, I think we can get rid of the split folders
for assets, because I don't think the use-case is there for having
them:
- if you run Ghost from source, you're 99% only using the
development-built assets
- if you want production ones, you can run with a flag, but the
development ones get wiped anyway
- those running Ghost from a published package are using the same
assets and HTML file
- therefore, I think we can make our lives simpler by removing the env
folders and using a folder under `core/built/admin/...`
- this commit implements that across Ghost and Admin
2022-08-04 10:56:02 +03:00
|
|
|
const prodTemplate = fs.readFileSync(path.resolve('test/utils/fixtures/admin-build/index.html')).toString();
|
2021-10-22 16:25:58 +03:00
|
|
|
|
|
|
|
const res = await request.get('/ghost/')
|
|
|
|
.set('X-Forwarded-Proto', 'https')
|
|
|
|
.expect(200);
|
|
|
|
|
|
|
|
res.text.should.equal(prodTemplate);
|
|
|
|
});
|
|
|
|
|
🐛 Fixed missing published Admin assets when running in development
refs https://forum.ghost.org/t/admin-template-issues-default-install/31750
- we recently switched to using different folders within `core/built`, to
indicate the assets that are applicable for development/production
environments
- unfortunately, this came with the side effect of the "development" assets
missing in the published tarball, which meant Admin wouldn't load when
running in development mode
- this was a regression from how it previously worked because we used to
just copy the production HTML file to the development HTML name, and
use the same assets
- after thinking about it, I think we can get rid of the split folders
for assets, because I don't think the use-case is there for having
them:
- if you run Ghost from source, you're 99% only using the
development-built assets
- if you want production ones, you can run with a flag, but the
development ones get wiped anyway
- those running Ghost from a published package are using the same
assets and HTML file
- therefore, I think we can make our lives simpler by removing the env
folders and using a folder under `core/built/admin/...`
- this commit implements that across Ghost and Admin
2022-08-04 10:56:02 +03:00
|
|
|
it('serves assets when not in production', async function () {
|
|
|
|
const devTemplate = fs.readFileSync(path.resolve('test/utils/fixtures/admin-build/index.html')).toString();
|
2021-10-22 16:25:58 +03:00
|
|
|
|
|
|
|
const res = await request.get('/ghost/')
|
|
|
|
.set('X-Forwarded-Proto', 'https')
|
|
|
|
.expect(200);
|
|
|
|
|
|
|
|
res.text.should.equal(devTemplate);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('generates it\'s own ETag header from file contents', async function () {
|
|
|
|
const res = await request.get('/ghost/')
|
|
|
|
.set('X-Forwarded-Proto', 'https')
|
|
|
|
.expect(200);
|
|
|
|
|
|
|
|
should.exist(res.headers.etag);
|
🐛 Fixed missing published Admin assets when running in development
refs https://forum.ghost.org/t/admin-template-issues-default-install/31750
- we recently switched to using different folders within `core/built`, to
indicate the assets that are applicable for development/production
environments
- unfortunately, this came with the side effect of the "development" assets
missing in the published tarball, which meant Admin wouldn't load when
running in development mode
- this was a regression from how it previously worked because we used to
just copy the production HTML file to the development HTML name, and
use the same assets
- after thinking about it, I think we can get rid of the split folders
for assets, because I don't think the use-case is there for having
them:
- if you run Ghost from source, you're 99% only using the
development-built assets
- if you want production ones, you can run with a flag, but the
development ones get wiped anyway
- those running Ghost from a published package are using the same
assets and HTML file
- therefore, I think we can make our lives simpler by removing the env
folders and using a folder under `core/built/admin/...`
- this commit implements that across Ghost and Admin
2022-08-04 10:56:02 +03:00
|
|
|
res.headers.etag.should.equal('8793333e8e91cde411b1336c58ec6ef3');
|
2021-10-22 16:25:58 +03:00
|
|
|
});
|
|
|
|
});
|
2014-07-01 03:26:08 +04:00
|
|
|
});
|