mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-24 03:14:03 +03:00
Fix 401 error when uploading images
closes #6377 - restores ajax prefilter initializer that was removed in #6243 - adds regression test for standard `$.ajax` requests sending Authorization header This can be removed once we no longer have jquery plugins that make internal ajax calls that don't go through ember-ajax.
This commit is contained in:
parent
15144dd551
commit
a4027d49cf
21
ghost/admin/app/instance-initializers/jquery-ajax-oauth-prefilter.js
vendored
Normal file
21
ghost/admin/app/instance-initializers/jquery-ajax-oauth-prefilter.js
vendored
Normal file
@ -0,0 +1,21 @@
|
||||
import Ember from 'ember';
|
||||
|
||||
const {merge} = Ember;
|
||||
|
||||
export default {
|
||||
name: 'jquery-ajax-oauth-prefilter',
|
||||
after: 'ember-simple-auth',
|
||||
|
||||
initialize(application) {
|
||||
let session = application.lookup('service:session');
|
||||
|
||||
Ember.$.ajaxPrefilter(function (options) {
|
||||
session.authorize('authorizer:oauth2', function (headerName, headerValue) {
|
||||
let headerObject = {};
|
||||
|
||||
headerObject[headerName] = headerValue;
|
||||
options.headers = merge(options.headers || {}, headerObject);
|
||||
});
|
||||
});
|
||||
}
|
||||
};
|
@ -12,6 +12,9 @@ import destroyApp from '../helpers/destroy-app';
|
||||
import { authenticateSession, currentSession, invalidateSession } from 'ghost/tests/helpers/ember-simple-auth';
|
||||
import Mirage from 'ember-cli-mirage';
|
||||
import windowProxy from 'ghost/utils/window-proxy';
|
||||
import ghostPaths from 'ghost/utils/ghost-paths';
|
||||
|
||||
const Ghost = ghostPaths();
|
||||
|
||||
describe('Acceptance: Authentication', function () {
|
||||
let application,
|
||||
@ -125,4 +128,38 @@ describe('Acceptance: Authentication', function () {
|
||||
Ember.run.throttle = origThrottle;
|
||||
});
|
||||
});
|
||||
|
||||
it('adds auth headers to jquery ajax', function (done) {
|
||||
let role = server.create('role', {name: 'Administrator'});
|
||||
let user = server.create('user', {roles: [role]});
|
||||
|
||||
server.post('/uploads', (db, request) => {
|
||||
return request;
|
||||
});
|
||||
server.loadFixtures();
|
||||
|
||||
// jscs:disable requireCamelCaseOrUpperCaseIdentifiers
|
||||
authenticateSession(application, {
|
||||
access_token: 'test_token',
|
||||
expires_in: 3600,
|
||||
token_type: 'Bearer'
|
||||
});
|
||||
// jscs:enable requireCamelCaseOrUpperCaseIdentifiers
|
||||
|
||||
// necessary to visit a page to fully boot the app in testing
|
||||
visit('/').andThen(() => {
|
||||
$.ajax({
|
||||
type: 'POST',
|
||||
url: `${Ghost.apiRoot}/uploads/`,
|
||||
data: {test: 'Test'}
|
||||
}).then((request) => {
|
||||
expect(request.requestHeaders.Authorization, 'Authorization header')
|
||||
.to.exist;
|
||||
expect(request.requestHeaders.Authorization, 'Authotization header content')
|
||||
.to.equal('Bearer test_token');
|
||||
}).always(() => {
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
Loading…
Reference in New Issue
Block a user