mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-23 22:11:09 +03:00
Added missing return in create-stripe-update-session
no issue - Return was missing for `res.end` if an invalid subscription_id was passed - Added explicit `text/plain` `Content-Type` headers to error messages to avoid MIME sniffing Signed-off-by: Elijah Conners <business@elijahpepe.com> Co-authored-by: Simon Backx <simon@ghost.org>
This commit is contained in:
Elijah
GitHub
parent
16dc2be3cf
commit
3c94812ee5
@ -36,7 +36,9 @@ const deleteSession = async function (req, res) {
|
||||
res.writeHead(204);
|
||||
res.end();
|
||||
} catch (err) {
|
||||
res.writeHead(err.statusCode);
|
||||
res.writeHead(err.statusCode, {
|
||||
'Content-Type': 'text/plain;charset=UTF-8'
|
||||
});
|
||||
res.end(err.message);
|
||||
}
|
||||
};
|
||||
@ -130,7 +132,9 @@ const updateMemberData = async function (req, res) {
|
||||
res.json(null);
|
||||
}
|
||||
} catch (err) {
|
||||
res.writeHead(err.statusCode);
|
||||
res.writeHead(err.statusCode, {
|
||||
'Content-Type': 'text/plain;charset=UTF-8'
|
||||
});
|
||||
res.end(err.message);
|
||||
}
|
||||
};
|
||||
|
||||
@ -128,6 +128,23 @@ describe('Front-end members behavior', function () {
|
||||
.expect(400);
|
||||
});
|
||||
|
||||
it('should error for invalid subscription id on members create update session endpoint', async function () {
|
||||
const membersService = require('../../core/server/services/members');
|
||||
const email = 'test-member-create-update-session@email.com';
|
||||
await membersService.api.members.create({email});
|
||||
const token = await membersService.api.getMemberIdentityToken(email);
|
||||
await request.post('/members/api/create-stripe-update-session')
|
||||
.send({
|
||||
identity: token,
|
||||
subscription_id: 'invalid'
|
||||
})
|
||||
.expect(404)
|
||||
.expect('Content-Type', 'text/plain;charset=UTF-8')
|
||||
.expect((res) => {
|
||||
res.text.should.eql('Could not find subscription invalid');
|
||||
});
|
||||
});
|
||||
|
||||
it('should error for invalid data on members subscription endpoint', async function () {
|
||||
await request.put('/members/api/subscriptions/123')
|
||||
.expect(400);
|
||||
|
||||
@ -183,7 +183,9 @@ module.exports = class MemberController {
|
||||
res.writeHead(204);
|
||||
res.end();
|
||||
} catch (err) {
|
||||
res.writeHead(err.statusCode || 500);
|
||||
res.writeHead(err.statusCode || 500, {
|
||||
'Content-Type': 'text/plain;charset=UTF-8'
|
||||
});
|
||||
res.end(err.message);
|
||||
}
|
||||
}
|
||||
|
||||
@ -110,8 +110,10 @@ module.exports = class RouterController {
|
||||
});
|
||||
|
||||
if (!subscription) {
|
||||
res.writeHead(404);
|
||||
res.end(`Could not find subscription ${req.body.subscription_id}`);
|
||||
res.writeHead(404, {
|
||||
'Content-Type': 'text/plain;charset=UTF-8'
|
||||
});
|
||||
return res.end(`Could not find subscription ${req.body.subscription_id}`);
|
||||
}
|
||||
customer = await this._stripeAPIService.getCustomer(subscription.get('customer_id'));
|
||||
}
|
||||
|
||||
@ -32,7 +32,9 @@ const server = require('http').createServer(async (req, res) => {
|
||||
res.writeHead(200);
|
||||
res.end();
|
||||
} catch (err) {
|
||||
res.writeHead(err.statusCode);
|
||||
res.writeHead(err.statusCode, {
|
||||
'Content-Type': 'text/plain;charset=UTF-8'
|
||||
});
|
||||
res.end(err.message);
|
||||
}
|
||||
} else {
|
||||
@ -43,7 +45,9 @@ const server = require('http').createServer(async (req, res) => {
|
||||
});
|
||||
res.end(JSON.stringify(member));
|
||||
} catch (err) {
|
||||
res.writeHead(err.statusCode);
|
||||
res.writeHead(err.statusCode, {
|
||||
'Content-Type': 'text/plain;charset=UTF-8'
|
||||
});
|
||||
res.end(err.message);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user