mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-24 19:33:02 +03:00
Setup hijacks owner user
closes #3074
- user generated by fixture is hijacked
- user is updated with name, email, password, slug and status
- creates new user if db is migrated but no user exists
- previously removed tests are back
parent
f0ce3f2d02
commit
215badc663
@ -242,10 +242,23 @@ users = {
|
|||||||
* @param {User} object the user to create
|
* @param {User} object the user to create
|
||||||
* @returns {Promise(User}} Newly created user
|
* @returns {Promise(User}} Newly created user
|
||||||
*/
|
*/
|
||||||
// TODO: remove when setup is implemented
|
// TODO: update when setup is moved
|
||||||
register: function register(object) {
|
register: function register(object) {
|
||||||
// TODO: if we want to prevent users from being created with the signup form this is the right place to do it
|
var newUser;
|
||||||
return users.add(object, {context: {internal: true}});
|
|
||||||
|
return utils.checkObject(object, docName).then(function (checkedUserData) {
|
||||||
|
newUser = checkedUserData.users[0];
|
||||||
|
return dataProvider.User.findAll();
|
||||||
|
}).then(function (users) {
|
||||||
|
if (users.length > 0) {
|
||||||
|
return dataProvider.User.setup(newUser, {id: 1});
|
||||||
|
} else {
|
||||||
|
// TODO: needs to pass owner role when role endpoint is finished!
|
||||||
|
return dataProvider.User.add(newUser);
|
||||||
|
}
|
||||||
|
}).then(function (user) {
|
||||||
|
return { users: [user.toJSON()]};
|
||||||
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
/**
|
/**
|
||||||
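Review bot: The new `register` treats `users.length > 0` as proof that only the fixture owner exists, so every call on an installed blog reaches `dataProvider.User.setup(newUser, {id: 1})` and overwrites the owner's name, email, password and status. Nothing in this hunk checks that setup has not already been completed, and the route hunk registers `router.post('/ghost/setup/', admin.doSetup)` with no middleware, so unless a guard exists outside the visible lines a repeated POST after installation would replace the owner's credentials. The branch should first confirm that the record with id 1 is still in its unconfigured fixture state and reject the request otherwise, documented with a comment such as `// only valid while the owner is still the fixture user; reject once setup is done`. The inner callback parameter `users` also shadows the enclosing `users` API object, so a name like `foundUsers` would be clearer. `register` is fully visible here, but the rest of the `users` object is outside the hunk.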
|
@ -61,7 +61,7 @@ adminControllers = {
|
|||||||
// Route: doSignup
|
// Route: doSignup
|
||||||
// Path: /ghost/setup/
|
// Path: /ghost/setup/
|
||||||
// Method: POST
|
// Method: POST
|
||||||
'doSignup': function (req, res) {
|
'doSetup': function (req, res) {
|
||||||
var name = req.body.name,
|
var name = req.body.name,
|
||||||
email = req.body.email,
|
email = req.body.email,
|
||||||
password = req.body.password,
|
password = req.body.password,
|
||||||
@ -69,7 +69,8 @@ adminControllers = {
|
|||||||
users = [{
|
users = [{
|
||||||
name: name,
|
name: name,
|
||||||
email: email,
|
email: email,
|
||||||
password: password
|
password: password,
|
||||||
|
status: 'active'
|
||||||
}];
|
}];
|
||||||
|
|
||||||
api.users.register({users: users}).then(function () {
|
api.users.register({users: users}).then(function () {
|
||||||
|
@ -96,7 +96,8 @@ User = ghostBookshelf.Model.extend({
|
|||||||
findOne: ['withRelated'],
|
findOne: ['withRelated'],
|
||||||
findAll: ['withRelated'],
|
findAll: ['withRelated'],
|
||||||
add: ['user'],
|
add: ['user'],
|
||||||
edit: ['user', 'withRelated']
|
setup: ['user', 'id'],
|
||||||
|
edit: ['user', 'withRelated', 'id']
|
||||||
};
|
};
|
||||||
|
|
||||||
if (validOptions[methodName]) {
|
if (validOptions[methodName]) {
|
||||||
@ -160,11 +161,6 @@ User = ghostBookshelf.Model.extend({
|
|||||||
options = this.filterOptions(options, 'add');
|
options = this.filterOptions(options, 'add');
|
||||||
options.withRelated = _.union([ 'roles' ], options.include);
|
options.withRelated = _.union([ 'roles' ], options.include);
|
||||||
|
|
||||||
/**
|
|
||||||
* This only allows one user to be added to the database, otherwise fails.
|
|
||||||
* @param {object} user
|
|
||||||
* @author javorszky
|
|
||||||
*/
|
|
||||||
return validatePasswordLength(userData.password).then(function () {
|
return validatePasswordLength(userData.password).then(function () {
|
||||||
return self.forge().fetch();
|
return self.forge().fetch();
|
||||||
}).then(function () {
|
}).then(function () {
|
||||||
@ -194,6 +190,31 @@ User = ghostBookshelf.Model.extend({
|
|||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
|
setup: function (data, options) {
|
||||||
|
var self = this,
|
||||||
|
// Clone the _user so we don't expose the hashed password unnecessarily
|
||||||
|
userData = this.filterData(data);
|
||||||
|
options = this.filterOptions(options, 'setup');
|
||||||
|
options.withRelated = _.union([ 'roles' ], options.include);
|
||||||
|
return validatePasswordLength(userData.password).then(function () {
|
||||||
|
// Generate a new password hash
|
||||||
|
return generatePasswordHash(data.password);
|
||||||
|
}).then(function (hash) {
|
||||||
|
// Assign the hashed password
|
||||||
|
userData.password = hash;
|
||||||
|
// LookupGravatar
|
||||||
|
return self.gravatarLookup(userData);
|
||||||
|
}).then(function (userWithGravatar) {
|
||||||
|
userData = userWithGravatar;
|
||||||
|
// Generate a new slug
|
||||||
|
return ghostBookshelf.Model.generateSlug.call(this, User, userData.name, options);
|
||||||
|
}).then(function (slug) {
|
||||||
|
// Assign slug and save the updated user
|
||||||
|
userData.slug = slug;
|
||||||
|
return self.edit.call(self, userData, options);
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
permissable: function (userModelOrId, context, loadedPermissions, hasUserPermission, hasAppPermission) {
|
permissable: function (userModelOrId, context, loadedPermissions, hasUserPermission, hasAppPermission) {
|
||||||
var self = this,
|
var self = this,
|
||||||
userModel = userModelOrId,
|
userModel = userModelOrId,
|
||||||
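Review bot: In `setup`, `ghostBookshelf.Model.generateSlug.call(this, User, userData.name, options)` runs inside a `.then` callback, where `this` is no longer the model that `self` captured at the top of the function; it should read `ghostBookshelf.Model.generateSlug.call(self, User, userData.name, options)` (whether `generateSlug` actually reads its `this` is not visible in the hunk). The password is validated as `userData.password` but hashed from the unfiltered `data.password`; `return generatePasswordHash(userData.password);` keeps validation and hashing on the same value. The comment `// Clone the _user so we don't expose the hashed password unnecessarily` refers to a `_user` that does not exist in this function and should describe the `filterData` call instead. `setup` itself does not check whether the target user has already been configured, so it relies entirely on its caller for that, which is worth stating in a doc comment above the method.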
|
@ -33,7 +33,7 @@ adminRoutes = function (middleware) {
|
|||||||
res.redirect(301, subdir + '/ghost/signup/');
|
res.redirect(301, subdir + '/ghost/signup/');
|
||||||
});
|
});
|
||||||
|
|
||||||
router.post('/ghost/setup/', admin.doSignup);
|
router.post('/ghost/setup/', admin.doSetup);
|
||||||
router.post('/ghost/upload/', middleware.busboy, admin.upload);
|
router.post('/ghost/upload/', middleware.busboy, admin.upload);
|
||||||
|
|
||||||
// redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.
|
// redirect to /ghost and let that do the authentication to prevent redirects to /ghost//admin etc.
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
/*globals CasperTest, casper, testPost, newUser */
|
/*globals CasperTest, casper, testPost, newUser */
|
||||||
|
|
||||||
CasperTest.begin('Content screen is correct', 20, function suite(test) {
|
CasperTest.begin('Content screen is correct', 21, function suite(test) {
|
||||||
// First, create a sample post for testing (this should probably be a routine)
|
// First, create a sample post for testing (this should probably be a routine)
|
||||||
CasperTest.Routines.createTestPost.run(false);
|
CasperTest.Routines.createTestPost.run(false);
|
||||||
|
|
||||||
@ -32,10 +32,9 @@ CasperTest.begin('Content screen is correct', 20, function suite(test) {
|
|||||||
test.assertSelectorHasText(
|
test.assertSelectorHasText(
|
||||||
'.content-preview header .status', 'Written', 'preview header contains "Written" when post is a draft'
|
'.content-preview header .status', 'Written', 'preview header contains "Written" when post is a draft'
|
||||||
);
|
);
|
||||||
// TODO: Broken while setup doen't take over Owner user, please uncomment when fixed
|
test.assertSelectorHasText(
|
||||||
// test.assertSelectorHasText(
|
'.content-preview header .author', newUser.name, 'preview header contains author name'
|
||||||
// '.content-preview header .author', newUser.name, 'preview header contains author name'
|
);
|
||||||
// );
|
|
||||||
});
|
});
|
||||||
|
|
||||||
casper.then(function testEditPostButton() {
|
casper.then(function testEditPostButton() {
|
||||||
@ -67,7 +66,7 @@ CasperTest.begin('Content screen is correct', 20, function suite(test) {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
CasperTest.begin('Content list shows correct post status', 6, function testStaticPageStatus(test) {
|
CasperTest.begin('Content list shows correct post status', 7, function testStaticPageStatus(test) {
|
||||||
CasperTest.Routines.createTestPost.run(true);
|
CasperTest.Routines.createTestPost.run(true);
|
||||||
|
|
||||||
// Begin test
|
// Begin test
|
||||||
@ -90,10 +89,9 @@ CasperTest.begin('Content list shows correct post status', 6, function testStati
|
|||||||
test.assertSelectorHasText(
|
test.assertSelectorHasText(
|
||||||
'.content-preview header .status', 'Published', 'preview header contains "Published" when post is published'
|
'.content-preview header .status', 'Published', 'preview header contains "Published" when post is published'
|
||||||
);
|
);
|
||||||
// TODO: Broken while setup doen't take over Owner user, please uncomment when fixed
|
test.assertSelectorHasText(
|
||||||
// test.assertSelectorHasText(
|
'.content-preview header .author', newUser.name, 'preview header contains author name'
|
||||||
// '.content-preview header .author', newUser.name, 'preview header contains author name'
|
);
|
||||||
// );
|
|
||||||
});
|
});
|
||||||
|
|
||||||
// Change post to static page
|
// Change post to static page
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
* Tests if RSS exists and is working
|
* Tests if RSS exists and is working
|
||||||
*/
|
*/
|
||||||
/*globals url, CasperTest, casper */
|
/*globals url, CasperTest, casper */
|
||||||
CasperTest.begin('Ensure that RSS is available', 10, function suite(test) {
|
CasperTest.begin('Ensure that RSS is available', 11, function suite(test) {
|
||||||
CasperTest.Routines.togglePermalinks.run('off');
|
CasperTest.Routines.togglePermalinks.run('off');
|
||||||
casper.thenOpen(url + 'rss/', function (response) {
|
casper.thenOpen(url + 'rss/', function (response) {
|
||||||
var content = this.getPageContent(),
|
var content = this.getPageContent(),
|
||||||
@ -24,13 +24,12 @@ CasperTest.begin('Ensure that RSS is available', 10, function suite(test) {
|
|||||||
test.assert(content.indexOf(postStart) >= 0, 'Feed should contain start of welcome post content.');
|
test.assert(content.indexOf(postStart) >= 0, 'Feed should contain start of welcome post content.');
|
||||||
test.assert(content.indexOf(postEnd) >= 0, 'Feed should contain end of welcome post content.');
|
test.assert(content.indexOf(postEnd) >= 0, 'Feed should contain end of welcome post content.');
|
||||||
test.assert(content.indexOf(postLink) >= 0, 'Feed should have link to the welcome post.');
|
test.assert(content.indexOf(postLink) >= 0, 'Feed should have link to the welcome post.');
|
||||||
// TODO: Broken while setup doen't take over Owner user, please uncomment when fixed
|
test.assert(content.indexOf(postCreator) >= 0, 'Welcome post should have Test User as the creator.');
|
||||||
// test.assert(content.indexOf(postCreator) >= 0, 'Welcome post should have Test User as the creator.');
|
|
||||||
test.assert(content.indexOf('</rss>') >= 0, 'Feed should contain </rss>');
|
test.assert(content.indexOf('</rss>') >= 0, 'Feed should contain </rss>');
|
||||||
});
|
});
|
||||||
}, false);
|
}, false);
|
||||||
|
|
||||||
CasperTest.begin('Ensure that author element is not included. Only dc:creator', 2, function suite(test) {
|
CasperTest.begin('Ensure that author element is not included. Only dc:creator', 3, function suite(test) {
|
||||||
CasperTest.Routines.togglePermalinks.run('off');
|
CasperTest.Routines.togglePermalinks.run('off');
|
||||||
casper.thenOpen(url + 'rss/', function (response) {
|
casper.thenOpen(url + 'rss/', function (response) {
|
||||||
var content = this.getPageContent(),
|
var content = this.getPageContent(),
|
||||||
@ -39,8 +38,7 @@ CasperTest.begin('Ensure that author element is not included. Only dc:creator',
|
|||||||
|
|
||||||
test.assertEqual(response.status, 200, 'Response status should be 200.');
|
test.assertEqual(response.status, 200, 'Response status should be 200.');
|
||||||
test.assert(content.indexOf(author) < 0, 'Author element should not be included');
|
test.assert(content.indexOf(author) < 0, 'Author element should not be included');
|
||||||
// TODO: Broken while setup doen't take over Owner user, please uncomment when fixed
|
test.assert(content.indexOf(postCreator) >= 0, 'Welcome post should have Test User as the creator.');
|
||||||
// test.assert(content.indexOf(postCreator) >= 0, 'Welcome post should have Test User as the creator.');
|
|
||||||
});
|
});
|
||||||
}, false);
|
}, false);
|
||||||
|
|
||||||
|