diff --git a/test/e2e-api/admin/__snapshots__/session.test.js.snap b/test/e2e-api/admin/__snapshots__/session.test.js.snap
new file mode 100644
index 0000000000..9512097b28
--- /dev/null
+++ b/test/e2e-api/admin/__snapshots__/session.test.js.snap
@@ -0,0 +1,99 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Sessions API can create session (log in) 1: [body] 1`] = `Object {}`;
+
+exports[`Sessions API can create session (log in) 2: [headers] 1`] = `
+Object {
+ "access-control-allow-origin": "http://127.0.0.1:2369",
+ "cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
+ "content-length": "7",
+ "content-type": "text/plain; charset=utf-8",
+ "etag": Any,
+ "set-cookie": Array [
+ StringMatching /\\^ghost-admin-api-session=/,
+ ],
+ "vary": "Origin, Accept-Encoding",
+ "x-powered-by": "Express",
+}
+`;
+
+exports[`Sessions API can delete session (log out) 1: [body] 1`] = `Object {}`;
+
+exports[`Sessions API can delete session (log out) 2: [headers] 1`] = `
+Object {
+ "access-control-allow-origin": "http://127.0.0.1:2369",
+ "cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
+ "etag": Any,
+ "vary": "Origin",
+ "x-powered-by": "Express",
+}
+`;
+
+exports[`Sessions API can read session now the owner is logged in 1: [body] 1`] = `
+Object {
+ "accessibility": null,
+ "bio": "bio",
+ "cover_image": null,
+ "created_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+ "created_by": "1",
+ "email": "jbloggs@example.com",
+ "facebook": null,
+ "id": "1",
+ "last_seen": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+ "locale": null,
+ "location": "location",
+ "meta_description": null,
+ "meta_title": null,
+ "name": "Joe Bloggs",
+ "profile_image": "https://example.com/super_photo.jpg",
+ "slug": "joe-bloggs",
+ "status": "active",
+ "tour": null,
+ "twitter": null,
+ "updated_at": StringMatching /\\\\d\\{4\\}-\\\\d\\{2\\}-\\\\d\\{2\\}T\\\\d\\{2\\}:\\\\d\\{2\\}:\\\\d\\{2\\}\\\\\\.000Z/,
+ "updated_by": "1",
+ "visibility": "public",
+ "website": null,
+}
+`;
+
+exports[`Sessions API can read session now the owner is logged in 2: [headers] 1`] = `
+Object {
+ "access-control-allow-origin": "http://127.0.0.1:2369",
+ "cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
+ "content-length": "515",
+ "content-type": "application/json; charset=utf-8",
+ "etag": Any,
+ "vary": "Origin, Accept-Encoding",
+ "x-powered-by": "Express",
+}
+`;
+
+exports[`Sessions API errors when reading session again now owner is not logged in 1: [body] 1`] = `
+Object {
+ "errors": Array [
+ Object {
+ "code": null,
+ "context": "Unable to determine the authenticated user or integration. Check that cookies are being passed through if using session authentication.",
+ "details": null,
+ "help": null,
+ "id": StringMatching /\\[a-f0-9\\]\\{8\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{4\\}-\\[a-f0-9\\]\\{12\\}/,
+ "message": "Authorization failed",
+ "property": null,
+ "type": "NoPermissionError",
+ },
+ ],
+}
+`;
+
+exports[`Sessions API errors when reading session again now owner is not logged in 2: [headers] 1`] = `
+Object {
+ "access-control-allow-origin": "http://127.0.0.1:2369",
+ "cache-control": "no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0",
+ "content-length": "321",
+ "content-type": "application/json; charset=utf-8",
+ "etag": Any,
+ "vary": "Origin, Accept-Encoding",
+ "x-powered-by": "Express",
+}
+`;
diff --git a/test/e2e-api/admin/session.test.js b/test/e2e-api/admin/session.test.js
new file mode 100644
index 0000000000..dc1c49dccf
--- /dev/null
+++ b/test/e2e-api/admin/session.test.js
@@ -0,0 +1,69 @@
+const {agentProvider, fixtureManager, matchers} = require('../../utils/e2e-framework');
+const {anyString, anyErrorId, stringMatching, anyISODateTime} = matchers;
+
+describe('Sessions API', function () {
+ let agent;
+
+ before(async function () {
+ agent = await agentProvider.getAdminAPIAgent();
+ await fixtureManager.init();
+ });
+
+ it('can create session (log in)', async function () {
+ const owner = await fixtureManager.get('users', 0);
+ await agent
+ .post('session/')
+ .body({
+ grant_type: 'password',
+ username: owner.email,
+ password: owner.password
+ })
+ .expectStatus(201)
+ .matchBodySnapshot()
+ .matchHeaderSnapshot({
+ etag: anyString,
+ 'set-cookie': [
+ stringMatching(/^ghost-admin-api-session=/)
+ ]
+ });
+ });
+
+ it('can read session now the owner is logged in', async function () {
+ await agent
+ .get('session/')
+ .expectStatus(200)
+ .matchBodySnapshot({
+ // id is 1, but should be anyObjectID :(
+ last_seen: anyISODateTime,
+ created_at: anyISODateTime,
+ updated_at: anyISODateTime
+ })
+ .matchHeaderSnapshot({
+ etag: anyString
+ });
+ });
+
+ it('can delete session (log out)', async function () {
+ await agent
+ .delete('session/')
+ .expectStatus(204)
+ .matchBodySnapshot()
+ .matchHeaderSnapshot({
+ etag: anyString
+ });
+ });
+
+ it('errors when reading session again now owner is not logged in', async function () {
+ await agent
+ .get('session/')
+ .expectStatus(403)
+ .matchBodySnapshot({
+ errors: [{
+ id: anyErrorId
+ }]
+ })
+ .matchHeaderSnapshot({
+ etag: anyString
+ });
+ });
+});
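Review bot: The `set-cookie` matcher in 'can create session (log in)' pins only the cookie name (`stringMatching(/^ghost-admin-api-session=/)`), so a regression that drops the session cookie's security attributes would still pass this test. If the session middleware is expected to set them (its configuration is not visible in this diff), tighten the matcher to something like `stringMatching(/^ghost-admin-api-session=[^;]+;.*HttpOnly/i)` and cover SameSite the same way; the stored snapshot would need regenerating. The four cases also share one `agent` and only pass in the written order, because each depends on the cookie state left by the one before it. A comment above `describe` such as `// Cases run in order and share the agent's cookies: log in, read, log out, read again` would warn anyone who reorders or isolates them.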