Removed old auth suite

Nazar Gargol 2019-07-25 16:56:58 +02:00
parent 67c2fb8285
commit 03934e30c9


@ -2,13 +2,7 @@ const should = require('should');
const supertest = require('supertest');
const testUtils = require('../../../../utils/index');
const localUtils = require('./utils');
const moment = require('moment');
const user = testUtils.DataGenerator.forModel.users[0];
const models = require('../../../../../server/models/index');
const constants = require('../../../../../server/lib/constants');
const config = require('../../../../../server/config/index');
const security = require('../../../../../server/lib/security/index');
const settingsCache = require('../../../../../server/services/settings/cache');
let ghost = testUtils.startGhost;
let request;
@ -16,298 +10,6 @@ let request;
describe.only('Authentication API v2', function () {
var accesstoken = '', ghostServer;
describe('auth & authorize', function () {
before(function () {
return ghost()
.then(function (_ghostServer) {
ghostServer = _ghostServer;
request = supertest.agent(config.get('url'));
})
.then(function () {
return localUtils.doAuth(request);
})
.then(function (token) {
accesstoken = token;
});
});
afterEach(function () {
return testUtils.clearBruteData();
});
it('can authenticate', function (done) {
request.post(localUtils.API.getApiQuery('authentication/token'))
.set('Origin', config.get('url'))
.send({
grant_type: 'password',
username: user.email,
password: user.password,
client_id: 'ghost-admin',
client_secret: 'not_available'
})
.expect('Content-Type', /json/)
// TODO: make it possible to override oauth2orize's header so that this is consistent
.expect('Cache-Control', 'no-store')
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
should.not.exist(res.headers['x-cache-invalidate']);
var jsonResponse = res.body,
newAccessToken;
should.exist(jsonResponse.access_token);
should.exist(jsonResponse.refresh_token);
should.exist(jsonResponse.expires_in);
should.exist(jsonResponse.token_type);
models.Accesstoken.findOne({
token: jsonResponse.access_token
}).then(function (_newAccessToken) {
newAccessToken = _newAccessToken;
return models.Refreshtoken.findOne({
token: jsonResponse.refresh_token
});
}).then(function (newRefreshToken) {
newAccessToken.get('issued_by').should.eql(newRefreshToken.id);
done();
}).catch(done);
});
});
it('can\'t authenticate unknown user', function (done) {
request.post(localUtils.API.getApiQuery('authentication/token'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.send({
grant_type: 'password',
username: 'invalid@email.com',
password: user.password,
client_id: 'ghost-admin',
client_secret: 'not_available'
}).expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(404)
.end(function (err, res) {
if (err) {
return done(err);
}
var jsonResponse = res.body;
should.exist(jsonResponse.errors[0].errorType);
jsonResponse.errors[0].errorType.should.eql('NotFoundError');
done();
});
});
it('can\'t authenticate invalid password user', function (done) {
request.post(localUtils.API.getApiQuery('authentication/token'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.send({
grant_type: 'password',
username: user.email,
password: 'invalid',
client_id: 'ghost-admin',
client_secret: 'not_available'
}).expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(422)
.end(function (err, res) {
if (err) {
return done(err);
}
var jsonResponse = res.body;
should.exist(jsonResponse.errors[0].errorType);
jsonResponse.errors[0].errorType.should.eql('ValidationError');
done();
});
});
it('can request new access token', function (done) {
request.post(localUtils.API.getApiQuery('authentication/token'))
.set('Origin', config.get('url'))
.send({
grant_type: 'password',
username: user.email,
password: user.password,
client_id: 'ghost-admin',
client_secret: 'not_available'
})
.expect('Content-Type', /json/)
// TODO: make it possible to override oauth2orize's header so that this is consistent
.expect('Cache-Control', 'no-store')
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
var refreshToken = res.body.refresh_token;
models.Accesstoken.findOne({
token: accesstoken
}).then(function (oldAccessToken) {
moment(oldAccessToken.get('expires')).diff(moment(), 'minutes').should.be.above(6);
request.post(localUtils.API.getApiQuery('authentication/token'))
.set('Origin', config.get('url'))
.set('Authorization', 'Bearer ' + accesstoken)
.send({
grant_type: 'refresh_token',
refresh_token: refreshToken,
client_id: 'ghost-admin',
client_secret: 'not_available'
})
.expect('Content-Type', /json/)
// TODO: make it possible to override oauth2orize's header so that this is consistent
.expect('Cache-Control', 'no-store')
.expect(200)
.end(function (err, res) {
if (err) {
return done(err);
}
var jsonResponse = res.body;
should.exist(jsonResponse.access_token);
should.exist(jsonResponse.expires_in);
models.Accesstoken.findOne({
token: accesstoken
}).then(function (oldAccessToken) {
moment(oldAccessToken.get('expires')).diff(moment(), 'minutes').should.be.below(6);
return models.Refreshtoken.findOne({
token: refreshToken
});
}).then(function (refreshTokenModel) {
// NOTE: the static 6 month ms number in our constants are based on 30 days
// We have to compare against the static number. We can't compare against the month in
// the next 6 month dynamically, because each month has a different number of days,
// which results in a different ms number.
moment(Date.now() + constants.SIX_MONTH_MS)
.startOf('day')
.diff(moment(refreshTokenModel.get('expires')).startOf('day'), 'month').should.eql(0);
done();
});
});
});
});
});
it('can\'t request new access token with invalid refresh token', function (done) {
request.post(localUtils.API.getApiQuery('authentication/token'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.send({
grant_type: 'refresh_token',
refresh_token: 'invalid',
client_id: 'ghost-admin',
client_secret: 'not_available'
}).expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(403)
.end(function (err, res) {
if (err) {
return done(err);
}
var jsonResponse = res.body;
should.exist(jsonResponse.errors[0].errorType);
jsonResponse.errors[0].errorType.should.eql('NoPermissionError');
done();
});
});
it('reset password', function (done) {
models.User.getOwnerUser(testUtils.context.internal)
.then(function (ownerUser) {
var token = security.tokens.resetToken.generateHash({
expires: Date.now() + (1000 * 60),
email: user.email,
dbHash: settingsCache.get('db_hash'),
password: ownerUser.get('password')
});
request.put(localUtils.API.getApiQuery('authentication/passwordreset'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.send({
passwordreset: [{
token: token,
newPassword: 'thisissupersafe',
ne2Password: 'thisissupersafe'
}]
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.end(function (err) {
if (err) {
return done(err);
}
done();
});
})
.catch(done);
});
it('reset password: invalid passwords', function () {
return request.put(localUtils.API.getApiQuery('authentication/passwordreset'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.send({
passwordreset: [{
token: 'doesntmatter',
newPassword: 'thisissupersafe',
ne2Password: 'thisissupersafebutdoesntmatch'
}]
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(422);
});
it('reset password: invalid token', function () {
return request
.put(localUtils.API.getApiQuery('authentication/passwordreset'))
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.send({
passwordreset: [{
token: 'invalid',
newPassword: 'thisissupersafe',
ne2Password: 'thisissupersafe'
}]
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(401);
});
it('revoke token', function () {
return request
.post(localUtils.API.getApiQuery('authentication/revoke'))
.set('Authorization', 'Bearer ' + accesstoken)
.set('Origin', config.get('url'))
.set('Accept', 'application/json')
.send({
token: accesstoken,
token_type_hint: 'access_token'
})
.expect('Content-Type', /json/)
.expect('Cache-Control', testUtils.cacheRules.private)
.expect(200)
.then(() => {
return request
.get(localUtils.API.getApiQuery('posts/'))
.set('Authorization', 'Bearer ' + accesstoken)
.expect(401);
});
});
});
describe('Blog setup', function () {
before(function () {
return ghost({forceStart: true})