const should = require('should'); const supertest = require('supertest'); const _ = require('lodash'); const testUtils = require('../../utils'); const config = require('../../../core/server/config'); const localUtils = require('./utils'); const ghost = testUtils.startGhost; describe('Admin API key authentication', function () { let request; before(function () { return ghost() .then(function () { request = supertest.agent(config.get('url')); }) .then(function () { return testUtils.initFixtures('api_keys'); }); }); it('Can not access endpoint without a token header', function () { return request.get(localUtils.API.getApiQuery('posts/')) .set('Authorization', `Ghost`) .expect('Content-Type', /json/) .expect('Cache-Control', testUtils.cacheRules.private) .expect(401); }); it('Can not access endpoint with a wrong endpoint token', function () { return request.get(localUtils.API.getApiQuery('posts/')) .set('Authorization', `Ghost ${localUtils.getValidAdminToken('https://wrong.com')}`) .expect('Content-Type', /json/) .expect('Cache-Control', testUtils.cacheRules.private) .expect(401); }); it('Can access browse endpoint with correct token', function () { return request.get(localUtils.API.getApiQuery('posts/')) .set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`) .expect('Content-Type', /json/) .expect('Cache-Control', testUtils.cacheRules.private) .expect(200); }); it('Can create post', function () { const post = { title: 'Post created with api_key' }; return request .post(localUtils.API.getApiQuery('posts/?include=authors')) .set('Origin', config.get('url')) .set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`) .send({ posts: [post] }) .expect('Content-Type', /json/) .expect('Cache-Control', testUtils.cacheRules.private) .expect(201) .then((res) => { // falls back to owner user res.body.posts[0].authors.length.should.eql(1); }); }); it('Can read users', function () { return request .get(localUtils.API.getApiQuery('users/')) .set('Origin', config.get('url')) .set('Authorization', `Ghost ${localUtils.getValidAdminToken('/canary/admin/')}`) .expect('Content-Type', /json/) .expect('Cache-Control', testUtils.cacheRules.private) .expect(200) .then((res) => { localUtils.API.checkResponse(res.body.users[0], 'user'); }); }); });