Ghost/ghost/core/test/e2e-server/admin.test.js

153 lines
5.4 KiB
JavaScript
Raw Normal View History

// # Frontend Route tests
// As it stands, these tests depend on the database, and as such are integration tests.
// Mocking out the models to not touch the DB would turn these into unit tests, and should probably be done in future,
// But then again testing real code, rather than mock code, might be more useful...
const should = require('should');
const path = require('path');
const fs = require('fs');
const supertest = require('supertest');
const testUtils = require('../utils');
const configUtils = require('../utils/configUtils');
const urlUtils = require('../utils/urlUtils');
const adminUtils = require('../utils/admin-utils');
const config = require('../../core/shared/config');
let request;
function assertCorrectHeaders(res) {
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(res.headers.date);
}
describe('Admin Routing', function () {
before(async function () {
adminUtils.stubAdminFiles();
Improved dev tooling (#13118) This commit achieves a few things: - ☑️ No longer having to remember whether a command is yarn something or grunt something - ☑️ Simplification of tools hopefully making them easier to remember and use - ☑️ Complete removal of the need for grunt from our test tooling Several of the tools still use grunt under the hood, but the **entrypoint** should aways be `yarn xxx`. - `grunt main` -> `yarn main` - `grunt dev` -> `yarn dev` - `grunt build` -> `yarn build` - `grunt test:file-or-folder` -> `yarn test file-or-folder` - `grunt test-unit` -> `yarn test:unit` - `grunt test-acceptance` -> `yarn test:acceptance` - `grunt test-regression` -> `yarn test:regression` - `grunt validate` -> removed due to lack of use There is now also `yarn test:all` to run all 3 classes of tests This PR also reorders & restructures the Gruntfile extensively so that: - The remaining useful commands are all at the top of the file - Config and other blah happens after all the useful commands - All release-only config happens in the release task at the very end of the file --- DONE: * Removed all references to npm/bower * Removed all references to lint / deprecated command * Moved debug to yarn dev:debug * Removed all references to travis * Removed broken help task + useless comment * Removed unused knex-migrator and clean:test setup tasks * Added new test commands, removed grunt validate * Moved stubClientFiles to test utility and use in the few tests that need it * Used mocha in yarn directly except grunt test:x * Swapped grunt test for yarn test * extensive cleanup and reshuffling
2021-07-05 22:02:22 +03:00
await testUtils.startGhost();
request = supertest.agent(config.get('url'));
});
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
describe('Assets', function () {
it('should return 404 for unknown assets', async function () {
await request.get('/ghost/assets/not-found.js')
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.expect(assertCorrectHeaders);
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
});
it('should retrieve built assets', async function () {
await request.get('/ghost/assets/vendor.js')
.expect('Cache-Control', testUtils.cacheRules.yearImmutable)
.expect(200)
.expect(assertCorrectHeaders);
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
});
});
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
describe('Auth Frame', function () {
before(function () {
// ensure the admin-auth folder exists so serveStatic doesn't fall through
adminUtils.stubAuthFrameFiles(configUtils.config.getContentPath('public'));
});
it('Renders 204 with no admin session cookie', async function () {
await request
.get('/ghost/auth-frame/')
.set('Origin', config.get('url'))
.expect(204);
});
it('Renders static file with admin session cookie', async function () {
await request
.get('/ghost/auth-frame/')
.set('Origin', config.get('url'))
.set('Cookie', [
'ghost-admin-api-session=abc; Path=/; HttpOnly; Secure; SameSite=Strict'
])
.expect(200);
});
});
describe('Admin Redirects', function () {
it('should redirect /GHOST/ to /ghost/', async function () {
await request.get('/GHOST/')
.expect('Location', '/ghost/')
.expect(301)
.expect(assertCorrectHeaders);
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
});
});
// we'll use X-Forwarded-Proto: https to simulate an 'https://' request behind a proxy
describe('Require HTTPS - redirect', function () {
before(async function () {
configUtils.set('url', 'https://localhost:2390');
urlUtils.stubUrlUtilsFromConfig();
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
await testUtils.startGhost({forceStart: true});
request = supertest.agent(config.get('server:host') + ':' + config.get('server:port'));
});
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
Fixed configUtils and adapter cache issues in E2E tests (#16167) no issue There are a couple of issues with resetting the Ghost instance between E2E test files: These issues came to the surface because of new tests written in https://github.com/TryGhost/Ghost/pull/16117 **1. configUtils.restore does not work correctly** `config.reset()` is a callback based method. On top of that, it doesn't really work reliably (https://github.com/indexzero/nconf/issues/93) What kinda happens, is that you first call `config.reset` but immediately after you correcty reset the config using the `config.set` calls afterwards. But since `config.reset` is async, that reset will happen after all those sets, and the end result is that it isn't reset correctly. This mainly caused issues in the new updated images tests, which were updating the config `imageOptimization.contentImageSizes`, which is a deeply nested config value. Maybe some references to objects are reused in nconf that cause this issue? Wrapping `config.reset()` in a promise does fix the issue. **2. Adapters cache not reset between tests** At the start of each test, we set `paths:contentPath` to a nice new temporary directory. But if a previous test already requests a localStorage adapter, that adapter would have been created and in the constructor `paths:contentPath` would have been passed. That same instance will be reused in the next test run. So it won't read the new config again. To fix this, we need to reset the adapter instances between E2E tests. How was this visible? Test uploads were stored in the actual git repository, and not in a temporary directory. When writing the new image upload tests, this also resulted in unreliable test runs because some image names were already taken (from previous test runs). **3. Old 2E2 test Ghost server not stopped** Sometimes we still need access to the frontend test server using `getAgentsWithFrontend`. But that does start a new Ghost server which is actually listening for HTTP traffic. This could result in a fatal error in tests because the port is already in use. The issue is that old E2E tests also start a HTTP server, but they don't stop the server. When you used the old `startGhost` util, it would check if a server was already running and stop it first. The new `getAgentsWithFrontend` now also has the same functionality to fix that issue.
2023-01-30 16:06:20 +03:00
after(async function () {
urlUtils.restore();
Fixed configUtils and adapter cache issues in E2E tests (#16167) no issue There are a couple of issues with resetting the Ghost instance between E2E test files: These issues came to the surface because of new tests written in https://github.com/TryGhost/Ghost/pull/16117 **1. configUtils.restore does not work correctly** `config.reset()` is a callback based method. On top of that, it doesn't really work reliably (https://github.com/indexzero/nconf/issues/93) What kinda happens, is that you first call `config.reset` but immediately after you correcty reset the config using the `config.set` calls afterwards. But since `config.reset` is async, that reset will happen after all those sets, and the end result is that it isn't reset correctly. This mainly caused issues in the new updated images tests, which were updating the config `imageOptimization.contentImageSizes`, which is a deeply nested config value. Maybe some references to objects are reused in nconf that cause this issue? Wrapping `config.reset()` in a promise does fix the issue. **2. Adapters cache not reset between tests** At the start of each test, we set `paths:contentPath` to a nice new temporary directory. But if a previous test already requests a localStorage adapter, that adapter would have been created and in the constructor `paths:contentPath` would have been passed. That same instance will be reused in the next test run. So it won't read the new config again. To fix this, we need to reset the adapter instances between E2E tests. How was this visible? Test uploads were stored in the actual git repository, and not in a temporary directory. When writing the new image upload tests, this also resulted in unreliable test runs because some image names were already taken (from previous test runs). **3. Old 2E2 test Ghost server not stopped** Sometimes we still need access to the frontend test server using `getAgentsWithFrontend`. But that does start a new Ghost server which is actually listening for HTTP traffic. This could result in a fatal error in tests because the port is already in use. The issue is that old E2E tests also start a HTTP server, but they don't stop the server. When you used the old `startGhost` util, it would check if a server was already running and stop it first. The new `getAgentsWithFrontend` now also has the same functionality to fix that issue.
2023-01-30 16:06:20 +03:00
await configUtils.restore();
});
it('should redirect admin access over non-HTTPS', async function () {
await request.get('/ghost/')
.expect('Location', /^https:\/\/localhost:2390\/ghost\//)
.expect(301)
.expect(assertCorrectHeaders);
});
it('should allow admin access over HTTPS', async function () {
await request.get('/ghost/')
.set('X-Forwarded-Proto', 'https')
.expect(200)
.expect(assertCorrectHeaders);
});
});
describe('built template', function () {
beforeEach(function () {
const configPaths = configUtils.config.get('paths');
configPaths.adminAssets = path.resolve('test/utils/fixtures/admin-build');
configUtils.set('paths', configPaths);
});
Fixed configUtils and adapter cache issues in E2E tests (#16167) no issue There are a couple of issues with resetting the Ghost instance between E2E test files: These issues came to the surface because of new tests written in https://github.com/TryGhost/Ghost/pull/16117 **1. configUtils.restore does not work correctly** `config.reset()` is a callback based method. On top of that, it doesn't really work reliably (https://github.com/indexzero/nconf/issues/93) What kinda happens, is that you first call `config.reset` but immediately after you correcty reset the config using the `config.set` calls afterwards. But since `config.reset` is async, that reset will happen after all those sets, and the end result is that it isn't reset correctly. This mainly caused issues in the new updated images tests, which were updating the config `imageOptimization.contentImageSizes`, which is a deeply nested config value. Maybe some references to objects are reused in nconf that cause this issue? Wrapping `config.reset()` in a promise does fix the issue. **2. Adapters cache not reset between tests** At the start of each test, we set `paths:contentPath` to a nice new temporary directory. But if a previous test already requests a localStorage adapter, that adapter would have been created and in the constructor `paths:contentPath` would have been passed. That same instance will be reused in the next test run. So it won't read the new config again. To fix this, we need to reset the adapter instances between E2E tests. How was this visible? Test uploads were stored in the actual git repository, and not in a temporary directory. When writing the new image upload tests, this also resulted in unreliable test runs because some image names were already taken (from previous test runs). **3. Old 2E2 test Ghost server not stopped** Sometimes we still need access to the frontend test server using `getAgentsWithFrontend`. But that does start a new Ghost server which is actually listening for HTTP traffic. This could result in a fatal error in tests because the port is already in use. The issue is that old E2E tests also start a HTTP server, but they don't stop the server. When you used the old `startGhost` util, it would check if a server was already running and stop it first. The new `getAgentsWithFrontend` now also has the same functionality to fix that issue.
2023-01-30 16:06:20 +03:00
afterEach(async function () {
await configUtils.restore();
});
it('serves assets in production', async function () {
configUtils.set('env', 'production');
const prodTemplate = fs.readFileSync(path.resolve('test/utils/fixtures/admin-build/index.html')).toString();
const res = await request.get('/ghost/')
.set('X-Forwarded-Proto', 'https')
.expect(200);
res.text.should.equal(prodTemplate);
});
it('serves assets when not in production', async function () {
const devTemplate = fs.readFileSync(path.resolve('test/utils/fixtures/admin-build/index.html')).toString();
const res = await request.get('/ghost/')
.set('X-Forwarded-Proto', 'https')
.expect(200);
res.text.should.equal(devTemplate);
});
it('generates it\'s own ETag header from file contents', async function () {
const res = await request.get('/ghost/')
.set('X-Forwarded-Proto', 'https')
.expect(200);
should.exist(res.headers.etag);
res.headers.etag.should.equal('8793333e8e91cde411b1336c58ec6ef3');
});
});
});