From a4027d49cf36ca062a982a4e90468b97824d1c04 Mon Sep 17 00:00:00 2001
From: Kevin Ansfield
Date: Mon, 25 Jan 2016 11:11:29 +0000
Subject: [PATCH] Fix 401 error when uploading images closes #6377 - restores ajax prefilter initializer that was removed in #6243 - adds regression test for standard `$.ajax` requests sending Authorization header This can be removed once we no longer have jquery plugins that make internal ajax calls that don't go through ember-ajax.
---
 .../jquery-ajax-oauth-prefilter.js | 21 +++++++++++
 .../tests/acceptance/authentication-test.js | 37 +++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 ghost/admin/app/instance-initializers/jquery-ajax-oauth-prefilter.js
diff --git a/ghost/admin/app/instance-initializers/jquery-ajax-oauth-prefilter.js b/ghost/admin/app/instance-initializers/jquery-ajax-oauth-prefilter.js
new file mode 100644
index 0000000000..2bae0ed0a9
--- /dev/null
+++ b/ghost/admin/app/instance-initializers/jquery-ajax-oauth-prefilter.js
@@ -0,0 +1,21 @@
+import Ember from 'ember';
+
+const {merge} = Ember;
+
+export default {
+ name: 'jquery-ajax-oauth-prefilter',
+ after: 'ember-simple-auth',
+
+ initialize(application) {
+ let session = application.lookup('service:session');
+
+ Ember.$.ajaxPrefilter(function (options) {
+ session.authorize('authorizer:oauth2', function (headerName, headerValue) {
+ let headerObject = {};
+
+ headerObject[headerName] = headerValue;
+ options.headers = merge(options.headers || {}, headerObject);
+ });
+ });
+ }
+};
diff --git a/ghost/admin/tests/acceptance/authentication-test.js b/ghost/admin/tests/acceptance/authentication-test.js
index 4f5165b5a4..592a4c3cce 100644
--- a/ghost/admin/tests/acceptance/authentication-test.js
+++ b/ghost/admin/tests/acceptance/authentication-test.js
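Review bot: The prefilter registered in `initialize` of `jquery-ajax-oauth-prefilter.js` adds the OAuth2 header to every jQuery request without looking at the destination, so a plugin call to another origin would carry the session's bearer token off-site. jQuery computes `options.crossDomain` before prefilters run, so a guard as the first statement of the callback, `if (options.crossDomain) { return; }`, keeps the token on same-origin requests; matching `options.url` against the API root would be stricter still. The `merge(options.headers || {}, headerObject)` call also overwrites an `Authorization` header a caller set explicitly, which deserves a comment if it is intended. A short comment above `Ember.$.ajaxPrefilter` saying that the hook is global and temporary (per the commit message) would help whoever removes it later.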
@@ -12,6 +12,9 @@ import destroyApp from '../helpers/destroy-app';
 import { authenticateSession, currentSession, invalidateSession } from 'ghost/tests/helpers/ember-simple-auth';
 import Mirage from 'ember-cli-mirage';
 import windowProxy from 'ghost/utils/window-proxy';
+import ghostPaths from 'ghost/utils/ghost-paths';
+
+const Ghost = ghostPaths();
 
 describe('Acceptance: Authentication', function () {
 let application,
@@ -125,4 +128,38 @@ describe('Acceptance: Authentication', function () {
 Ember.run.throttle = origThrottle;
 });
 });
+
+ it('adds auth headers to jquery ajax', function (done) {
+ let role = server.create('role', {name: 'Administrator'});
+ let user = server.create('user', {roles: [role]});
+
+ server.post('/uploads', (db, request) => {
+ return request;
+ });
+ server.loadFixtures();
+
+ // jscs:disable requireCamelCaseOrUpperCaseIdentifiers
+ authenticateSession(application, {
+ access_token: 'test_token',
+ expires_in: 3600,
+ token_type: 'Bearer'
+ });
+ // jscs:enable requireCamelCaseOrUpperCaseIdentifiers
+
+ // necessary to visit a page to fully boot the app in testing
+ visit('/').andThen(() => {
+ $.ajax({
+ type: 'POST',
+ url: `${Ghost.apiRoot}/uploads/`,
+ data: {test: 'Test'}
+ }).then((request) => {
+ expect(request.requestHeaders.Authorization, 'Authorization header')
+ .to.exist;
+ expect(request.requestHeaders.Authorization, 'Authotization header content')
+ .to.equal('Bearer test_token');
+ }).always(() => {
+ done();
+ });
+ });
+ });
 });
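Review bot: In the new `adds auth headers to jquery ajax` test, `.always(() => { done(); })` finishes the test even when the POST is rejected, and in that case the `.then` callback holding both `expect` calls never runs, so the regression test passes without asserting anything. Call `done()` as the last statement of the `.then` callback and replace the `.always` handler with `.fail(() => done(new Error('POST to /uploads failed')))`. The test also covers only a request to the API root; a second case asserting that a request to another origin does not receive the `Authorization` header would pin down the scope of the prefilter. The second assertion message is misspelled as `'Authotization header content'`. The enclosing `describe` block starts outside the hunk.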