Commit Graph

25 Commits

Author SHA1 Message Date
Sebastian Gierlinger
f48dfb09cf Public API
refs #4180
closes #4181
- added client and user authentication
- added authenticatePublic/authenticatePrivate as workaround for
missing permissions
- added domain validation
- added CORS header for valid clients
- merged authenticate.js and client-auth.js into auth.js
- removed middleware/api-error-handlers.js
- removed authentication middleware
- added and updated tests
2015-10-22 15:28:47 +02:00
Hannah Wolfe
2c51a89b66 Refactor auth-strategies to use findOne
- Simplifies both strategy & test code
- Should have no side effects
2015-10-16 19:40:02 +01:00
Hannah Wolfe
58e31f3bd8 Refactor auth strategy tests to not use DB
- unit tests are not intended to call out to the db
- this fakes the response from the model layer
2015-10-16 19:40:01 +01:00
Kevin Ansfield
ff73f1af92 deps: grunt-jscs@2.1.0
no issue
- update grunt-jscs dependency
- fix deprecated `validateJSDoc` configuration
- fix numerous linting errors, including:
  - use of future-reserved `public` and `private` variable names
  - use of `[]` instead of dot-notation (especially `express['static']` and `cacheRules['x']`)
  - extra spaces in `const { run } = Ember` style constructs

One issue that did become apparent is that there are conflicting rules that prevent the use of object function shorthand such that both of these:

```
{ myFunc() {} }
{ myFunc () {} }
```

are called out due to either the missing or the extra space before the `(`
2015-10-12 19:21:16 +01:00
Hannah Wolfe
4e29d9e987 Simplify theme middleware + improve tests
refs #5286, #4172, #5888

- no need to pass blogApp around in middleware
- improve test coverage to 100%
2015-10-11 22:26:43 +01:00
Hannah Wolfe
390d5fcea2 Remove unnecessary API lookup for activeTheme
- the active theme is already managed and kept up to date as a property
of the express app
- this can be accessed via `req.app` inside of middleware
2015-09-29 22:54:55 +02:00
Sebastian Gierlinger
bc25348fcc SSL redirects
closes #5873
- replaced redirectPathname with url method
- added tests
2015-09-25 12:02:14 +02:00
Hannah Wolfe
8895f41ee2 Uncapitalise respects subdirectories & no encoding
no issue

- Uncapitalise was dropping the subdirectory when redirecting - so the base url has been added where present
- Uncapitalise was also working differently in node 0.10 and 0.12 - so the path is decoded before testing for uppercase
- Adds some test coverage
2015-09-24 18:52:30 +01:00
Hannah Wolfe
1cbef8a712 Merge pull request #5802 from sebgie/fix-cache-test
Fix cache-control test
2015-09-08 19:17:41 +01:00
Sebastian Gierlinger
762824690a Improve Middleware Code Coverage
refs #5286
- finished tests for check-ssl.js
2015-09-08 18:05:22 +02:00
Sebastian Gierlinger
93070c60e2 Fix cache-control test
no issue
- fixed brackets to execute test again
2015-09-03 17:42:15 +02:00
Sebastian Gierlinger
f22796ff7d Add dynamic client_id/client_secret
no issue
- added ghost-admin client_id to admin
- added ghost-admin client_secret to admin
- added client.read() api endpoint
- added random generation of client_secret to migration
- removed addClientSecret method
- updated tests
2015-09-02 16:39:34 +01:00
Sebastian Gierlinger
6120d0a80f Improve middleware coverage
refs #5286
- changed auth-strategies to be testable
- added tests
2015-08-21 23:46:42 +02:00
Sebastian Gierlinger
b2ede23c4a Remove duplicate function
no issue
- remove duplicate registerSuccessfulBearerStrategy

Thanks to @jonblack for finding that!
2015-08-12 15:17:09 +02:00
Sebastian Gierlinger
a993f80a51 Auth tests
- added tests for authentication middleware
- changed use of auth strategies
2015-08-09 12:50:05 +02:00
Fabian Becker
c1a2601514 Middleware Refactor
- Refactor SSL middleware into separate module.
- Refactor redirectToSetup to separate module + tests
- Refactor serveStaticFile + tests
- Refactor authentication middleware + tests
- Refactor private blogging middleware

refs #5286
2015-08-04 14:53:58 +02:00
Hannah Wolfe
b1dd96ecc2 Removing incorrect 405 handling
refs #2757

- As per this convo: https://ghost.slack.com/archives/ghost/p1436895553007431 the 405 handling in Ghost is acting
as a catch all, rather than only returning when the wrong HTTP method is used for a valid resource.
- Implementing proper 405 with express is a challenge, and therefore we defer doing this work until it is needed
2015-07-14 20:49:19 +01:00
Jason Williams
b6cbd2d4bd Merge pull request #5427 from ErisDS/api-reshuffle
API mini-cleanup + 405 errors
2015-06-15 10:26:11 -05:00
Hannah Wolfe
254e0f0597 Improve API error handling
close #2757, refs #5286

- moves error formatting from api/index into errors lib
- moves error handling from api/index into its own middleware
- adds extra middleware for method not allowed which captures all unsupported routes
2015-06-15 10:08:30 +01:00
Alex Kleissner
05e49d9a96 Move uncapitalize into its own file.
refs #5286
- Moved the logic into its own file
- Added unit tests
2015-06-10 12:21:15 -07:00
Alex Kleissner
511684c436 Moves the decideIsAdmin into its own file.
refs #5286
- Moved the function into its own file
- Added unit tests for the function
2015-06-09 14:02:22 -07:00
Maurice Williams
b3cbb20be1 splitting client authentication-related middleware in to its own file
* refs #5286
* includes test cases for `addClientSecret`
* no tests first `generateAccessToken` and `authenticateClient` because there isn't anything to test in them
2015-05-31 12:35:03 -04:00
Alex Kleissner
766bf99de9 Move the spam prevention into its own file.
issue #5286
- Moved the spam prevention functions into their own file
- Added unit tests for the functions
2015-05-29 08:59:29 -07:00
Hannah Wolfe
f3174de9e2 Cache control for private blogs
no issue

- private blogs need to not be cached, so that the cookie is always checked
2015-05-20 21:44:42 +01:00
Hannah Wolfe
050b03d2bd Cache control middleware refactor
refs #5286

- split cache control middleware into its own file
- split out cache control tests
- add new mochacli command for running just middleware tests
2015-05-18 22:20:26 +01:00