mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-01 05:50:35 +03:00
Updated tests to incl. host limit cases for core integrations
- added core and builtin integrations to test fixtures - allowed passing a custom api key id to generate JWT - updated admin key auth test to make successful request with a `core` integration, which doesn't work atm because relations are not returned
This commit is contained in:
parent
5ac779f86b
commit
77e4be6b81
@ -23,7 +23,7 @@ describe('Integrations API', function () {
|
||||
.expect('Cache-Control', testUtils.cacheRules.private)
|
||||
.expect(200);
|
||||
|
||||
should.equal(res.body.integrations.length, 3);
|
||||
should.equal(res.body.integrations.length, 5);
|
||||
|
||||
// there is no enforced order for integrations which makes order different on SQLite and MySQL
|
||||
const zapierIntegration = _.find(res.body.integrations, {name: 'Zapier'}); // from migrations
|
||||
@ -31,6 +31,9 @@ describe('Integrations API', function () {
|
||||
|
||||
const testIntegration = _.find(res.body.integrations, {name: 'Test Integration'}); // from fixtures
|
||||
should.exist(testIntegration);
|
||||
|
||||
const exploreIntegration = _.find(res.body.integrations, {name: 'Test Core Integration'}); // from fixtures
|
||||
should.exist(exploreIntegration);
|
||||
});
|
||||
|
||||
it('Can not read internal integration', async function () {
|
||||
|
@ -85,16 +85,26 @@ describe('Admin API key authentication', function () {
|
||||
|
||||
// NOTE: need to do a full reboot to reinitialize hostSettings
|
||||
await localUtils.startGhost();
|
||||
await testUtils.initFixtures('integrations');
|
||||
await testUtils.initFixtures('api_keys');
|
||||
|
||||
const response = await request.get(localUtils.API.getApiQuery('posts/'))
|
||||
const firstResponse = await request.get(localUtils.API.getApiQuery('posts/'))
|
||||
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/')}`)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect('Cache-Control', testUtils.cacheRules.private)
|
||||
.expect(403);
|
||||
|
||||
response.body.errors[0].type.should.equal('HostLimitError');
|
||||
response.body.errors[0].message.should.equal('Custom limit error message');
|
||||
firstResponse.body.errors[0].type.should.equal('HostLimitError');
|
||||
firstResponse.body.errors[0].message.should.equal('Custom limit error message');
|
||||
|
||||
// CASE: Test with a different API key, related to a core integration
|
||||
const secondResponse = await request.get(localUtils.API.getApiQuery('explore/'))
|
||||
.set('Authorization', `Ghost ${localUtils.getValidAdminToken('/admin/', 4)}`)
|
||||
.expect('Content-Type', /json/)
|
||||
.expect('Cache-Control', testUtils.cacheRules.private)
|
||||
.expect(200);
|
||||
|
||||
should.exist(secondResponse.body.explore);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
@ -219,10 +219,10 @@ module.exports = {
|
||||
return testUtils.API.doAuth(`${API_URL}session/`, ...args);
|
||||
},
|
||||
|
||||
getValidAdminToken(audience) {
|
||||
getValidAdminToken(audience, keyid = 0) {
|
||||
const jwt = require('jsonwebtoken');
|
||||
const JWT_OPTIONS = {
|
||||
keyid: testUtils.DataGenerator.Content.api_keys[0].id,
|
||||
keyid: testUtils.DataGenerator.Content.api_keys[keyid].id,
|
||||
algorithm: 'HS256',
|
||||
expiresIn: '5m',
|
||||
audience: audience
|
||||
@ -230,7 +230,7 @@ module.exports = {
|
||||
|
||||
return jwt.sign(
|
||||
{},
|
||||
Buffer.from(testUtils.DataGenerator.Content.api_keys[0].secret, 'hex'),
|
||||
Buffer.from(testUtils.DataGenerator.Content.api_keys[keyid].secret, 'hex'),
|
||||
JWT_OPTIONS
|
||||
);
|
||||
},
|
||||
|
@ -45,17 +45,26 @@ describe('Content API key authentication', function () {
|
||||
|
||||
// NOTE: need to do a full reboot to reinitialize hostSettings
|
||||
await localUtils.startGhost();
|
||||
await testUtils.initFixtures('integrations');
|
||||
await testUtils.initFixtures('api_keys');
|
||||
|
||||
const key = localUtils.getValidKey();
|
||||
|
||||
const response = await request.get(localUtils.API.getApiQuery(`posts/?key=${key}`))
|
||||
const firstResponse = await request.get(localUtils.API.getApiQuery(`posts/?key=${key}`))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect('Cache-Control', testUtils.cacheRules.private)
|
||||
.expect(403);
|
||||
|
||||
response.body.errors[0].type.should.equal('HostLimitError');
|
||||
response.body.errors[0].message.should.equal('Custom limit error message');
|
||||
firstResponse.body.errors[0].type.should.equal('HostLimitError');
|
||||
firstResponse.body.errors[0].message.should.equal('Custom limit error message');
|
||||
|
||||
// CASE: explore endpoint can only be reached by Admin API
|
||||
const secondResponse = await request.get(localUtils.API.getApiQuery('explore/'))
|
||||
.expect('Content-Type', /json/)
|
||||
.expect('Cache-Control', testUtils.cacheRules.private)
|
||||
.expect(404);
|
||||
|
||||
secondResponse.body.errors[0].type.should.equal('NotFoundError');
|
||||
});
|
||||
});
|
||||
});
|
||||
|
@ -651,6 +651,18 @@ DataGenerator.Content = {
|
||||
name: 'Test Internal Integration',
|
||||
slug: 'test-internal-integration',
|
||||
type: 'internal'
|
||||
},
|
||||
{
|
||||
id: ObjectId().toHexString(),
|
||||
name: 'Test Builtin Integration',
|
||||
slug: 'test-builtin-integration',
|
||||
type: 'builtin'
|
||||
},
|
||||
{
|
||||
id: ObjectId().toHexString(),
|
||||
name: 'Test Core Integration',
|
||||
slug: 'test-core-integration',
|
||||
type: 'core'
|
||||
}
|
||||
],
|
||||
|
||||
@ -670,7 +682,20 @@ DataGenerator.Content = {
|
||||
{
|
||||
id: ObjectId().toHexString(),
|
||||
type: 'admin',
|
||||
secret: _.repeat('b', 64),
|
||||
integration_id: undefined // "internal"
|
||||
},
|
||||
{
|
||||
id: ObjectId().toHexString(),
|
||||
type: 'admin',
|
||||
secret: _.repeat('d', 26),
|
||||
integration_id: undefined // "builtin"
|
||||
},
|
||||
{
|
||||
id: ObjectId().toHexString(),
|
||||
type: 'admin',
|
||||
secret: _.repeat('e', 64),
|
||||
integration_id: undefined // "core"
|
||||
}
|
||||
],
|
||||
|
||||
@ -800,6 +825,8 @@ DataGenerator.Content = {
|
||||
// set up belongs_to relationships
|
||||
DataGenerator.Content.api_keys[0].integration_id = DataGenerator.Content.integrations[0].id;
|
||||
DataGenerator.Content.api_keys[1].integration_id = DataGenerator.Content.integrations[0].id;
|
||||
DataGenerator.Content.api_keys[3].integration_id = DataGenerator.Content.integrations[2].id;
|
||||
DataGenerator.Content.api_keys[4].integration_id = DataGenerator.Content.integrations[3].id;
|
||||
DataGenerator.Content.webhooks[0].integration_id = DataGenerator.Content.integrations[0].id;
|
||||
DataGenerator.Content.webhooks[1].integration_id = DataGenerator.Content.integrations[0].id;
|
||||
DataGenerator.Content.emails[0].post_id = DataGenerator.Content.posts[0].id;
|
||||
@ -1464,13 +1491,17 @@ DataGenerator.forKnex = (function () {
|
||||
|
||||
const integrations = [
|
||||
createBasic(DataGenerator.Content.integrations[0]),
|
||||
createBasic(DataGenerator.Content.integrations[1])
|
||||
createBasic(DataGenerator.Content.integrations[1]),
|
||||
createBasic(DataGenerator.Content.integrations[2]),
|
||||
createBasic(DataGenerator.Content.integrations[3])
|
||||
];
|
||||
|
||||
const api_keys = [
|
||||
createBasic(DataGenerator.Content.api_keys[0]),
|
||||
createBasic(DataGenerator.Content.api_keys[1]),
|
||||
createBasic(DataGenerator.Content.api_keys[2])
|
||||
createBasic(DataGenerator.Content.api_keys[2]),
|
||||
createBasic(DataGenerator.Content.api_keys[3]),
|
||||
createBasic(DataGenerator.Content.api_keys[4])
|
||||
];
|
||||
|
||||
const emails = [
|
||||
|
Loading…
Reference in New Issue
Block a user