Ghost/core/test/functional/routes/admin_spec.js

205 lines
7.2 KiB
JavaScript
Raw Normal View History

// # Frontend Route tests
// As it stands, these tests depend on the database, and as such are integration tests.
// Mocking out the models to not touch the DB would turn these into unit tests, and should probably be done in future,
// But then again testing real code, rather than mock code, might be more useful...
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
var request = require('supertest'),
should = require('should'),
testUtils = require('../../utils'),
ghost = testUtils.startGhost,
i18n = require('../../../../core/server/i18n'),
config = require('../../../../core/server/config');
i18n.init();
describe('Admin Routing', function () {
function doEnd(done) {
return function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(res.headers.date);
done();
};
}
function doEndNoAuth(done) {
return function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
should.exist(res.headers.date);
done();
};
}
before(testUtils.teardown);
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
describe('NO FORK', function () {
var ghostServer;
🎉 🎨 ✨ Remove middleware/index.js (#7548) closes #4172, closes #6948, refs #7491, refs #7488, refs #7542, refs #7484 * 🎨 Co-locate all admin-related code in /admin - move all the admin related code from controllers, routes and helpers into a single location - add error handling middleware explicitly to adminApp - re-order blogApp middleware to ensure the shared middleware is mounted after the adminApp - TODO: rethink the structure of /admin, this should probably be an internal app * 💄 Group global middleware together - There are only a few pieces of middleware which are "global" - These are needed for the admin, blog and api - Everything else is only needed in one or two places * ✨ Introduce a separate blogApp - create a brand-new blogApp - mount all blog/theme only middleware etc onto blogApp - mount error handling on blogApp only * 🎨 Separate error handling for HTML & API JSON - split JSON and HTML error handling into separate functions - re-introduce a way to not output the stack for certain errors - add more tests around errors & an assertion framework for checking JSON Errors - TODO: better 404 handling for static assets Rationale: The API is very different to the blog/admin panel: - It is intended to only ever serve JSON, never HTML responses - It is intended to always serve JSON Meanwhile the blog and admin panel have no need for JSON errors, when an error happens on those pages, we should serve HTML pages which are nicely formatted with the error & using the correct template * 🐛 Fix checkSSL to work for subapps - in order to make this work on a sub app we need to use the pattern `req.originalUrl || req.url` * 🔥 Get rid of decide-is-admin (part 1/2) - delete decide-is-admin & tests - add two small functions to apiApp and adminApp to set res.isAdmin - mount checkSSL on all the apps - TODO: deduplicate the calls to checkSSL by making blogApp a subApp :D - PART 2/2: finish cleaning this up by removing it from where it's not needed and giving it a more specific name Rationale: Now that we have both an adminApp and an apiApp, we can temporarily replace this weird path-matching middleware with middleware that sets res.isAdmin for api & admin * 🎨 Wire up prettyURLs on all Apps - prettyURLs is needed for all requests - it cannot be global because it has to live after asset middleware, and before routing - this does not result in duplicate redirects, but does result in duplicate checks - TODO: resolve extra middleware in stack by making blogApp a sub app * ⏱ Add debug to API setup * 🎨 Rename blogApp -> parentApp in middleware * 🎨 Co-locate all blog-related code in /blog - Move all of the blogApp code from middleware/index.js to blog/app.js - Move routes/frontend.js to blog/routes.js - Remove the routes/index.js and routes folder, this is empty now! - @TODO is blog the best name for this? 🤔 - @TODO sort out the big hunk of asset-related mess - @TODO also separate out the concept of theme from blog * 🎉 Replace middleware index with server/app.js - The final piece of the puzzle! 🎉 🎈 🎂 - We no longer have our horrendous middleware/index.js - Instead, we have a set of app.js files, which all use a familiar pattern * 💄 Error handling fixups
2016-10-13 18:24:09 +03:00
before(function (done) {
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
ghost().then(function (_ghostServer) {
ghostServer = _ghostServer;
return ghostServer.start();
}).then(function () {
request = request(config.get('url'));
done();
}).catch(function (e) {
console.log('Ghost Error: ', e);
console.log(e.stack);
done(e);
});
});
after(function () {
return testUtils.clearData()
.then(function () {
return ghostServer.stop();
});
});
describe('Assets', function () {
it('should return 404 for unknown assets', function (done) {
request.get('/ghost/assets/not-found.js')
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.end(doEnd(done));
});
it('should retrieve built assets', function (done) {
request.get('/ghost/assets/vendor.js')
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(200)
.end(doEnd(done));
});
});
describe('Legacy Redirects', function () {
it('should redirect /logout/ to /ghost/signout/', function (done) {
request.get('/logout/')
.expect('Location', '/ghost/signout/')
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
it('should redirect /signout/ to /ghost/signout/', function (done) {
request.get('/signout/')
.expect('Location', '/ghost/signout/')
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
it('should redirect /signup/ to /ghost/signup/', function (done) {
request.get('/signup/')
.expect('Location', '/ghost/signup/')
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
// Admin aliases
it('should redirect /signin/ to /ghost/', function (done) {
request.get('/signin/')
.expect('Location', '/ghost/')
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
it('should redirect /admin/ to /ghost/', function (done) {
request.get('/admin/')
.expect('Location', '/ghost/')
.expect('Cache-Control', testUtils.cacheRules.year)
.expect(301)
.end(doEndNoAuth(done));
});
it('should redirect /GHOST/ to /ghost/', function (done) {
request.get('/GHOST/')
.expect('Location', '/ghost/')
.expect(301)
.end(doEndNoAuth(done));
});
});
describe('Ghost Admin Setup', function () {
it('should redirect from /ghost/ to /ghost/setup/ when no user/not installed yet', function (done) {
request.get('/ghost/')
.expect('Location', /ghost\/setup/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(302)
.end(doEnd(done));
});
it('should redirect from /ghost/signin/ to /ghost/setup/ when no user', function (done) {
request.get('/ghost/signin/')
.expect('Location', /ghost\/setup/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(302)
.end(doEnd(done));
});
it('should respond with html for /ghost/setup/', function (done) {
request.get('/ghost/setup/')
.expect('Content-Type', /html/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(doEnd(done));
});
});
});
🔥✨ remove forceAdminSSL and urlSSL, add admin url (#7937) * 🔥 kill apiUrl helper, use urlFor helper instead More consistency of creating urls. Creates an easier ability to add config changes. Attention: urlFor function is getting a little nesty, BUT that is for now wanted to make easier and centralised changes to the configs. The url util need's refactoring anyway. * 🔥 urlSSL Remove all urlSSL usages. Add TODO's for the next commit to re-add logic for deleted logic. e.g. - cors helper generated an array of url's to allow requests from the defined config url's -> will be replaced by the admin url if available - theme handler prefered the urlSSL in case it was defined -> will be replaced by using the urlFor helper to get the blog url (based on the request secure flag) The changes in this commit doesn't have to be right, but it helped going step by step. The next commit is the more interesting one. * 🔥 ✨ remove forceAdminSSL, add new admin url and adapt logic I wanted to remove the forceAdminSSL as separate commit, but was hard to realise. That's why both changes are in one commit: 1. remove forceAdminSSL 2. add admin.url option - fix TODO's from last commits - rewrite the ssl middleware! - create some private helper functions in the url helper to realise the changes - rename some wordings and functions e.g. base === blog (we have so much different wordings) - i would like to do more, but this would end in a non readable PR - this commit contains the most important changes to offer admin.url option * 🤖 adapt tests IMPORTANT - all changes in the routing tests were needed, because each routing test did not start the ghost server - they just required the ghost application, which resulted in a random server port - having a random server port results in a redirect, caused by the ssl/redirect middleware * 😎 rename check-ssl middleware * 🎨 fix theme-handler because of master rebase
2017-02-03 21:13:22 +03:00
describe('FORK', function () {
// we'll use X-Forwarded-Proto: https to simulate an 'https://' request behind a proxy
describe('Require HTTPS - redirect', function () {
var forkedGhost, request;
before(function (done) {
testUtils.fork.ghost({
url: 'https://localhost/',
server: {
port: 2390
}
}, 'testhttps')
.then(function (child) {
forkedGhost = child;
request = require('supertest');
request = request('http://localhost:2390');
}).then(done)
.catch(done);
});
after(function (done) {
if (forkedGhost) {
forkedGhost.kill(done);
} else {
done(new Error('No forked ghost process exists, test setup must have failed.'));
}
});
it('should redirect admin access over non-HTTPS', function (done) {
request.get('/ghost/')
.expect('Location', /^https:\/\/localhost:2390\/ghost\//)
.expect(301)
.end(doEnd(done));
});
it('should allow admin access over HTTPS', function (done) {
request.get('/ghost/setup/')
.set('X-Forwarded-Proto', 'https')
.expect(200)
.end(doEnd(done));
});
});
});
});